RCE in Zesle Zeslecp
CVE-2021-47794
ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a revers…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.009 (55.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Zesle Zeslecp
- Zeslecp — versions <=3.1.9
Weakness classification (CWE)
References
- disclosure@vulncheck.com (Exploit, Third Party Advisory, exploit)
- disclosure@vulncheck.com (Product, product)
- disclosure@vulncheck.com (Exploit, exploit)
- disclosure@vulncheck.com (Third Party Advisory, third-party-advisory)
Frequently asked questions
- What is CVE-2021-47794?
- CVE-2021-47794 is a high-severity vulnerability in Zesle Zeslecp, classified under OS Command Injection. CVSS score: 8.8/10. Published 2026-01-16.
- How severe is CVE-2021-47794?
- High severity. CVSS v3 base score is 8.8 out of 10.