Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
easycorp zentao vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-44827
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an malicious user to execute arbitrary code via a crafted script to the Office Conversion Settings function.
Easycorp Zentao Max
Easycorp Zentao Biz
Easycorp Zentao
9.8
CVSSv3
CVE-2024-24202
An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows malicious users to execute arbitrary code via uploading a crafted .txt file.
Easycorp Zentao Max 4.10
Easycorp Zentao 18.10
Easycorp Zentao Biz 8.10
8.8
CVSSv3
CVE-2022-47745
ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice.
Easycorp Zentao 18.0
Easycorp Zentao
1 Github repository
9.8
CVSSv3
CVE-2020-28165
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function.
Easycorp Zentao
6.1
CVSSv3
CVE-2023-49394
Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly.
Easycorp Zentao
6.1
CVSSv3
CVE-2020-22533
Cross Site Scripting vulnerability found in Zentao allows a remote malicious user to execute arbitrary code via the lang parameter
Easycorp Zentao
6.1
CVSSv3
CVE-2020-21268
Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote malicious user to execute arbitrary code via the lastComment parameter.
Easycorp Zentao 11.6.4
5.4
CVSSv3
CVE-2023-46475
A Stored Cross-Site Scripting vulnerability exists in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.
Easycorp Zentao 18.3
1 Github repository
8.8
CVSSv3
CVE-2020-7361
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path',...
Easycorp Zentao Pro
7.5
CVSSv3
CVE-2022-37700
Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig.
Easycorp Zentao 15.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »