easycorp zentao vulnerabilities and exploits
9
CVSSv2
CVE-2021-27556
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.
Easycorp Zentao 12.5.3
9
CVSSv2
CVE-2020-7361
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path',...
Easycorp Zentao Pro
7.5
CVSSv2
CVE-2020-28165
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload an arbitrary webshell to the server by using the downloadZipPackage() function.
Easycorp Zentao
4.3
CVSSv2
CVE-2021-27557
A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows malicious users to update the fields of a Cron job.
Easycorp Zentao 12.5.3
4.3
CVSSv2
CVE-2021-27558
A cross-site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote malicious users to execute arbitrary web script via various areas such as data-link-creator.
Easycorp Zentao 12.5.3
NA
CVE-2024-24202
An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows malicious users to execute arbitrary code via uploading a crafted .txt file.
Easycorp Zentao Max 4.10
Easycorp Zentao 18.10
Easycorp Zentao Biz 8.10
NA
CVE-2023-49394
Zentao versions 4.1.3 and before have a URL redirect vulnerability, which prevents the system from functioning properly.
Easycorp Zentao
NA
CVE-2023-6439
A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. T...
Easycorp Zentao 18.8
NA
CVE-2023-46475
A Stored Cross-Site Scripting vulnerability exists in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.
Easycorp Zentao 18.3
1 Github repository
NA
CVE-2023-44826
Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local malicious user to obtain sensitive information via a crafted script.
Easycorp Zentao 18.6
1 Github repository