VYPR

AlphaCom XE Audio Server

by Zenitel

CVEs (1)

  • CVE-2021-40845HigSep 15, 2021
    risk 0.58cvss 8.8epss 0.05

    The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd…