5 matches found
CVE-2021-47667
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmpname parameter when dropping off a file via a POST /dropoff request...
CVE-2021-47667
creationtimestamp| type| source ---|---|--- 2025-04-05 05:37:47+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10596 2025-04-05 07:48:35+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114284253318328281 2025-04-05 07:48:35+00:00| seen|...
CVE-2021-47667
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmpname parameter when dropping off a file via a POST /dropoff request...
CVE-2021-47667
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmpname parameter when dropping off a file via a POST /dropoff request...
CVE-2021-47667
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmpname parameter when dropping off a file via a POST /dropoff request...