An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.
CPE | Name | Operator | Version |
---|---|---|---|
zentao | eq | 18.10 | |
zentao_biz | eq | 8.10 | |
zentao_max | eq | 4.10 |