Vulnerabilities > Zeroshell > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-11-30 CVE-2020-29390 OS Command Injection vulnerability in Zeroshell 3.9.3
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.
network
low complexity
zeroshell CWE-78
critical
 9.8
9.8
2019-07-19 CVE-2019-12725 OS Command Injection vulnerability in Zeroshell 3.9.0
Zeroshell 3.9.0 is prone to a remote command execution vulnerability.
network
low complexity
zeroshell CWE-78
critical
 9.8
9.8