/claim #14092

This template detects CVE-2021-22941, a broken access control vulnerability in Citrix ShareFile Storage Zones Controller before version 5.11.20.

Vulnerability Details

The vulnerability allows unauthenticated attackers to access the Upload.aspx endpoint, which should require authentication. This broken access control can be exploited for path traversal and arbitrary file writing, leading to RCE.

Testing Environment

Repository: https://github.com/pratikjojode/citrix-cve-2021-22941-lab

The repository contains a realistic mock server that simulates the actual vulnerable behavior:

  • ✅ Upload.aspx accessible without authentication
  • ✅ Returns LocalFile: GUID responses (as documented in CVE)
  • ✅ Includes realistic IIS/ASP.NET headers
  • ✅ Full debug output included
  • ✅ Testing instructions in README.md and TESTING.md

Quick Validation

git clone https://github.com/pratikjojode/citrix-cve-2021-22941-lab
cd citrix-cve-2021-22941-lab
docker build -t citrix-vuln .
docker run -d -p 8000:8000 citrix-vuln
nuclei -t CVE-2021-22941.yaml -u http://localhost:8000 -debug

Claim

Total prize pool: $100
Total paid: $0
Status: Pending
Submitted: December 02, 2025
Last updated: December 02, 2025

Contributors

Pratik Ravindra Jojode

@pratikjojode

100%

Sponsors

ProjectDiscovery

@projectdiscovery

$100