A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell
CVSS Score
9.8
EPSS Score
0.045
Published
2021-11-28
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file
CVSS Score
7.8
EPSS Score
0.012
Published
2021-11-28