14 matches found
CVE-2026-2551 ZenTao Backup control.php delete path traversal
A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploi...
CVE-2026-2551
A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploi...
PT-2026-8334
A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploi...
CVE-2025-13789
A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used...
CVE-2025-13789 ZenTao model.php makeRequest server-side request forgery
A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used...
EUVD-2021-14307
Malware in sbrugna...
EUVD-2024-21640
Malicious code in bioql PyPI...
CVE-2024-24216
Zentao v18.0 to v18.10 was discovered to contain a remote code execution RCE vulnerability via the checkConnection method of /app/zentao/module/repo/model.php...
CVE-2022-47745
ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice...
CVE-2020-22533
Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter...
CVE-2024-24216
Zentao v18.0 to v18.10 was discovered to contain a remote code execution RCE vulnerability via the checkConnection method of /app/zentao/module/repo/model.php...
CVE-2023-44827
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function...
CVE-2020-22533
Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter...
PT-2023-11621 · Zentao · Zentao
Name of the Vulnerable Software and Affected Versions: Zentao affected versions not specified Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the lang parameter. This enables the attacker to inject malicious scripts into the website, potentially...