CVE-2021-47794

HIGH

Zeslecp < 3.1.9 - OS Command Injection

Title source: rule

Description

ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a specified listening host.

Exploits (1)

exploitdb WORKING POC

by numan türle · pythonwebappsmultiple

https://www.exploit-db.com/exploits/50233

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/50233

[Third Party Advisory] https://www.vulncheck.com/advisories/zeslecp-remote-code-execution-rce-authenticated

[Exploit] https://www.youtube.com/watch?v=5lTDTEBVq-0

[Product] https://zeslecp.com/

Scores

CVSS v3 8.8

EPSS 0.0016

EPSS Percentile 36.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

zesle/zeslecp < 3.1.9

Published Jan 16, 2026

Tracked Since Feb 18, 2026