CVE-2021-21707

MEDIUM

PHP <7.3.33, 7.4.26, 8.0.13 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-21707. PoCs published by useru1k.

AI-analyzed exploit summary This repository contains a Java-based exploit for CVE-2021-21707, targeting PHP 8.1.0-dev. The exploit leverages a User-Agent header injection to execute a reverse shell payload via the 'zerodiumsystem' function, demonstrating remote code execution (RCE).

Description

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Exploits (1)

nomisec WORKING POC

by useru1k · poc

https://github.com/useru1k/php-8.1.0-dev-exploit

View Code ZIP pw:eip

This repository contains a Java-based exploit for CVE-2021-21707, targeting PHP 8.1.0-dev. The exploit leverages a User-Agent header injection to execute a reverse shell payload via the 'zerodiumsystem' function, demonstrating remote code execution (RCE).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PHP 8.1.0-dev

No auth needed

Prerequisites: Java JDK (8+) installed · Network connectivity to target · Listener set up on attacker's machine

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory vendor-advisory

https://www.debian.org/security/2022/dsa-5082

Issue Tracking, Mailing List mailing-list

https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html

Exploit, Issue Tracking, Patch, Release Notes, Vendor Advisory

https://bugs.php.net/bug.php?id=79971

Third Party Advisory

https://security.netapp.com/advisory/ntap-20211223-0005/

Patch, Release Notes, Third Party Advisory

https://www.tenable.com/security/tns-2022-09

Scores

CVSS v3 5.3

EPSS 0.2595

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-159

Status published

Products (5)

debian/debian_linux 10.0

debian/debian_linux 11.0

netapp/clustered_data_ontap

php/php 7.3.0 - 7.3.33

tenable/tenable.sc < 5.21.0

Published Nov 29, 2021

Tracked Since Feb 18, 2026