Zend.To Command Injection Vulnerability in NSSDropoff.php
Vulnerability
A critical command injection vulnerability has been identified in Zend.To versions prior to 6.10-7 Beta. The issue is in the NSSDropoff.php file, where PHP's exec function is called with unsanitized file names taken from user uploads. Because the file name reaches the shell unmodified, unauthenticated attackers can execute arbitrary system commands during the file upload process. The vulnerability can be exploited remotely.
Impact
Exploitation of this vulnerability allows for unauthenticated remote code execution on the server where Zend.To is installed.
Reproduction
The vulnerability can be reproduced by uploading a file through the application's file transfer interface. The uploaded file's 'tmp_name' parameter can be manipulated to include arbitrary commands, which are then executed on the server via the exec function in NSSDropoff.php.
Remediation
Users are advised to upgrade to Zend.To version 6.10-7 or later.
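For developers reviewing their own upload handlers for the same flaw class, the sketch below places the pattern described above next to a hardened equivalent. It is an added example, not Zend.To source code. The function names, the /usr/bin/file helper and the 'file' form field are assumptions made for illustration.

```php
<?php
// Added illustration; not taken from NSSDropoff.php. All names are hypothetical.

// Vulnerable pattern: the upload's file name is concatenated into a shell
// command line, so any shell metacharacters it contains are interpreted.
function inspect_upload_unsafe(array $upload): string
{
    exec('/usr/bin/file --brief --mime-type ' . $upload['tmp_name'], $out);
    return $out[0] ?? '';
}

// Hardened pattern: confirm the path really is a file PHP received in this
// request, then run the helper from an argument vector so no shell parses it.
function inspect_upload_safe(array $upload): string
{
    $path = $upload['tmp_name'] ?? '';
    if (!is_string($path) || !is_uploaded_file($path)) {
        throw new RuntimeException('not a file uploaded by this request');
    }
    // The array form of proc_open (PHP 7.4+) executes the program directly,
    // without /bin/sh. '--' stops option parsing before the path argument.
    $cmd  = ['/usr/bin/file', '--brief', '--mime-type', '--', $path];
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start helper');
    }
    $stdout = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException('helper exited with an error');
    }
    return trim((string) $stdout);
}

// Hypothetical request handler using the hardened function.
if (isset($_FILES['file'])) {
    header('Content-Type: text/plain');
    echo inspect_upload_safe($_FILES['file']), "\n";
}
```

Where a shell command string cannot be avoided, each untrusted value should at minimum be passed through escapeshellarg() before concatenation.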
