Skip to main content
CVE-2021-44093 CRITICAL POC Act Now

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zrlog
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-44094 HIGH POC This Week

ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zrlog
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy