Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
easycorp zentao vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-44827
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an malicious user to execute arbitrary code via a crafted script to the Office Conversion Settings function.
Easycorp Zentao Max
Easycorp Zentao Biz
Easycorp Zentao
NA
CVE-2024-24202
An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows malicious users to execute arbitrary code via uploading a crafted .txt file.
Easycorp Zentao Max 4.10
Easycorp Zentao 18.10
Easycorp Zentao Biz 8.10
NA
CVE-2022-47745
ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice.
Easycorp Zentao 18.0
Easycorp Zentao
1 Github repository
NA
CVE-2020-22533
Cross Site Scripting vulnerability found in Zentao allows a remote malicious user to execute arbitrary code via the lang parameter
Easycorp Zentao
NA
CVE-2023-49394
Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly.
Easycorp Zentao
668
VMScore
CVE-2020-28165
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function.
Easycorp Zentao
NA
CVE-2023-6439
A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. T...
Easycorp Zentao 18.8
NA
CVE-2020-21268
Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote malicious user to execute arbitrary code via the lastComment parameter.
Easycorp Zentao 11.6.4
801
VMScore
CVE-2020-7361
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path',...
Easycorp Zentao Pro
NA
CVE-2022-37700
Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig.
Easycorp Zentao 15.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »