An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function.
CPE | Name | Operator | Version |
---|---|---|---|
zentao | le | 18.6 | |
zentao_biz | le | 8.6 | |
zentao_max | le | 4.7 |