{"vulnerability": "CVE-2021-40845", "sightings": [{"uuid": "52ccecbc-9ea0-4169-9df5-5bd46c63e452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40845", "type": "seen", "source": "MISP/e9fe9c80-e538-4746-ae5b-1c9ea5c9e30b", "content": "", "creation_timestamp": "2024-11-14T06:10:10.000000Z"}, {"uuid": "6403a08d-f41b-4856-98d5-d66c15840ea5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40845", "type": "seen", "source": "https://t.me/cibsecurity/28881", "content": "\u203c CVE-2021-40845 \u203c\n\nThe web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T16:22:23.000000Z"}, {"uuid": "c94a3088-bf05-428d-9acb-eaff668cd3da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40845", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4278", "content": "#exploit\nCVE-2021-40845:\nAlphaWeb XE - Authenticated Insecure File Upload\nleading to RCE (PoC)\nhttps://github.com/ricardojoserf/CVE-2021-40845", "creation_timestamp": "2021-09-12T13:30:11.000000Z"}]}