CVE-2021-47794

HIGH

ZesleCP < 3.1.9 - Authenticated Remote Code Execution via FTP Account Creation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47794. PoCs published by numan türle.

AI-analyzed exploit summary: This exploit targets ZesleCP <=3.1.9 with an authenticated RCE via FTP account creation. It injects a reverse shell payload into the FTP password field, leveraging command injection to execute arbitrary commands.

Description

ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a specified listening host.

Exploits (1)

exploitdb WORKING POC
by numan türle · python · webapps · multiple
https://www.exploit-db.com/exploits/50233


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: ZesleCP <=3.1.9
Auth required
Prerequisites: Valid credentials for ZesleCP · Network access to target · Listener setup for reverse shell
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory: https://www.exploit-db.com/exploits/50233
Product: https://zeslecp.com/

Scores

CVSS v3: 8.8
EPSS: 0.0091
EPSS Percentile: 55.1%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-78
Status: published
Products (1): zesle/zeslecp < 3.1.9
Published: Jan 16, 2026
Tracked Since: Feb 18, 2026