High severity8.8NVD Advisory· Published Sep 15, 2021· Updated Jun 17, 2026
CVE-2021-40845
CVE-2021-40845
Description
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Zenitel/AlphaCom XE Audio Serverdescription
- Range: <=11.2.3.10
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/164160/Zenitel-AlphaCom-XE-Audio-Server-11.2.3.10-Shell-Upload.htmlnvdExploitThird Party AdvisoryVDB Entry
- ricardojoserf.github.io/CVE-2021-40845/nvdExploitThird Party Advisory
- packetstormsecurity.com/files/164149/Zenitel-AlphaCom-XE-Audio-Server-11.2.3.10-Shell-Upload.htmlnvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.