ZesleCP Remote Code Execution Vulnerability in FTP Account Creation

Vulnerability

An authenticated remote code execution vulnerability exists in ZesleCP version 3.1.9. This vulnerability allows attackers to create FTP accounts embedded with shell injection payloads. By exploiting the FTP account creation endpoint, attackers can inject reverse shell commands that establish a network connection to a specified listening host.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the server where ZesleCP is installed.

Reproduction

To reproduce this vulnerability, log into the ZesleCP control panel as a user with FTP account creation privileges. Once logged in, navigate to the FTP account creation section. Inject a reverse shell command into the FTP password field, using a payload that connects back to a listener on the attacker's machine. After the FTP account is created, the injected command will be executed, establishing a reverse shell connection.
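The root cause described above is the classic shell-injection pattern: a form field spliced into a command line. The following is an added Python illustration (not ZesleCP's code; the page does not show its implementation) of that pattern beside a hardened form and a log-triage check. The `ftpadm` binary path, its `add` subcommand and its reading of the password from stdin are assumptions.

```python
import re
import shlex
import subprocess

# Hypothetical helper binary used for illustration; the page does not show
# how ZesleCP actually provisions FTP accounts.
FTPADM = "/usr/local/bin/ftpadm"

USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
SHELL_META = set(";|&$`<>()\n\r")


def vulnerable_command(username: str, password: str) -> str:
    """The bug class in the advisory: form fields spliced into a shell string.
    Built here only to show why it fails; it is never executed."""
    return f"{FTPADM} add {username} {password}"


def looks_injected(value: str) -> bool:
    """Triage check for request logs or a WAF rule: a password field that
    carries shell metacharacters is worth an alert, even if it is benign."""
    return any(ch in SHELL_META for ch in value)


def hardened_argv(username: str) -> list[str]:
    """Fixed form: strict allow-list on the username, no shell, '--' so a
    username can never be parsed as an option. The password is not placed on
    the command line at all (it would show up in `ps`); see run_hardened."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected by allow-list")
    return [FTPADM, "add", "--", username]


def run_hardened(username: str, password: str) -> subprocess.CompletedProcess:
    """Assumes the hypothetical ftpadm tool reads the password from stdin."""
    if "\x00" in password or "\n" in password:
        raise ValueError("password contains control characters")
    return subprocess.run(hardened_argv(username), input=password,
                          text=True, shell=False, check=True,
                          capture_output=True)


if __name__ == "__main__":
    # Constructed sample value: shell metacharacters, not a real payload.
    pw = "hunter2; echo injected"
    print(vulnerable_command("alice", pw))   # a shell would see two commands
    print(shlex.quote(pw))                   # the quoting the vulnerable form lacks
    print(looks_injected(pw), hardened_argv("alice"))
```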

Added: Jan 16, 2026, 12:43 AM
Updated: Jan 16, 2026, 12:43 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.