ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands.
Max CVSS
8.8
EPSS Score
0.13%
Published
2022-06-11
Updated
2022-06-17
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.
Max CVSS
10.0
EPSS Score
95.74%
Published
2020-11-30
Updated
2020-12-03
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
Max CVSS
10.0
EPSS Score
96.34%
Published
2019-07-19
Updated
2021-05-13

CVE-2009-0545

Public exploit
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
Max CVSS
10.0
EPSS Score
97.08%
Published
2009-02-12
Updated
2018-10-10
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!