Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zentao
(Easycorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-08 | CVE-2024-24216 | Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php. | Zentao | 9.8 | ||
| 2023-04-04 | CVE-2020-22533 | Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter | Zentao | 6.1 | ||
| 2023-06-20 | CVE-2020-21268 | Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter. | Zentao | 6.1 | ||
| 2021-08-12 | CVE-2020-28165 | The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function. | Zentao | 9.8 | ||
| 2021-08-31 | CVE-2021-27556 | The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System. | Zentao | 7.2 |