VYPR
Critical severity10.0NVD Advisory· Published Apr 5, 2025· Updated Apr 15, 2026

CVE-2021-47667

CVE-2021-47667

Description

An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp_name parameter when dropping off a file via a POST /dropoff request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Zendto/Zendtoinferred2 versions
    >=5.24-3,<6.10-7+ 1 more
    • (no CPE)range: >=5.24-3,<6.10-7
    • (no CPE)range: >=5.24-3, <6.10-7

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.