CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-47667

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0220%
EPSS Percentile28.92th
Published2025年4月5日
Last Modified2026年4月15日

Vulnerability Description

An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp_name parameter when dropping off a file via a POST /dropoff request.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://projectblack.io/blog/zendto-nday-vulnerabilities/
🔗 https://projectblack.io/blog/zendto-nday-vulnerabilities/

相关漏洞威胁

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...