13 matches found
Easycorp Zentao Pro Command Injection (CVE-2020-7361)
A command injection vulnerability exists in Easycorp Zentao Pro. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2020-7361
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an...
CVE-2020-7361
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an...
Command injection
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an...
CVE-2020-7361
CVE-2020-7361 affects EasyCorp ZenTao Pro (8.8.2 and earlier). A command-injection vulnerability exists in the vulnerable "/pro/repo-create.html" endpoint, where an authenticated user can send arbitrary OS commands through the POST parameter “path.” Executed commands run in the Windows SYSTEM con...
CVE-2020-7361 ZenTao Pro Command Injection
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an...
EasyCorp ZenTao Pro Command Injection Vulnerability
EasyCorp ZenTao Pro is China's natural easy soft network technology EasyCorp company's set of open source project management software. The software includes product management, project management, quality management and document management and other functions. A command injection vulnerability...
ZenTao Pro 8.8.2 Remote Code Execution
This module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. The module first attempts to authenticate to the ZenTao dashboard. It then tries to execute the payload by submitting fake repositories vi...
ZenTao Pro 8.8.2 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZenTao Pro 8.8.2 Remote Code Execution', 'Description' = %q This module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlie...
ZenTao Pro 8.8.2 Remote Code Execution Exploit
This Metasploit module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. Valid credentials for a ZenTao admin account are required. This module has been successfully tested against ZenTao 8.8.1 and...
ZenTao Pro 8.8.2 Command Injection
Exploit Title: ZenTao Pro 8.8.2 - Command Injection Date: 2020-07-01 Exploit Author: Daniel Monzón & Melvin Boers Vendor Homepage: https://www.zentao.pm/ Version: 8.8.2 Tested on: Windows 10 / WampServer Other versions like pro or enterprise edition could be affected aswell Netcat is needed to us...
ZenTao Pro 8.8.2 - Command Injection Exploit
Exploit for php platform in category web applications Exploit Title: ZenTao Pro 8.8.2 - Command Injection Exploit Author: Daniel Monzón & Melvin Boers Vendor Homepage: https://www.zentao.pm/ Version: 8.8.2 Tested on: Windows 10 / WampServer Other versions like pro or enterprise edition could be...
ZenTao Pro 8.8.2 - Command Injection
Exploit Title: ZenTao Pro 8.8.2 - Command Injection Date: 2020-07-01 Exploit Author: Daniel Monzón & Melvin Boers Vendor Homepage: https://www.zentao.pm/ Version: 8.8.2 Tested on: Windows 10 / WampServer Other versions like pro or enterprise edition could be affected aswell Netcat is needed to us...