### [CVE-2021-40845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40845)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.

### POC

#### Reference
- http://packetstormsecurity.com/files/164149/Zenitel-AlphaCom-XE-Audio-Server-11.2.3.10-Shell-Upload.html
- http://packetstormsecurity.com/files/164160/Zenitel-AlphaCom-XE-Audio-Server-11.2.3.10-Shell-Upload.html
- https://github.com/ricardojoserf/CVE-2021-40845
- https://ricardojoserf.github.io/CVE-2021-40845/

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/FDlucifer/firece-fish
- https://github.com/anquanscan/sec-tools
- https://github.com/n0-traces/cve_monitor
- https://github.com/ricardojoserf/CVE-2021-40845