Security Advisory

CVE-2021-40845

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-15 12:39:43

Last updated 2024-08-04 02:51:07

Assigner mitre

State PUBLISHED

Description

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.

← Browse all CVEs View on cve.org ↗