10 matches found
CVE-2025-50857
ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload...
CVE-2025-50857
ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload...
CVE-2026-2551
A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploi...
CVE-2025-13787
A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management. It is possible to launch the attack...
CVE-2022-4984
ZenTao Biz 6.5, ZenTao Max 3.0, ZenTao Open Source Edition 16.5, and ZenTao Open Source Edition 16.5.beta1 contain an SQL injection vulnerability in the login functionality. The application does not properly validate the account parameter on /zentao/user-login.html before using it in a database...
Linux Distros Unpatched Vulnerability : CVE-2022-2235
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1....
CVE-2023-46374
ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting XSS...
CVE-2023-46491
ZenTao Biz version 4.1.3 and before has a Cross Site Scripting XSS vulnerability in the Version Library...
PT-2023-29306 · Unknown · Zentao Community Edition +2
Name of the Vulnerable Software and Affected Versions: ZenTao Community Edition versions 18.6 and earlier ZenTao Biz versions 8.6 and earlier ZenTao Max versions 4.7 and earlier Description: The issue allows an attacker to execute arbitrary code via a crafted script to the Office Conversion...
PT-2023-11581 · Easysoft · Easysoft Zentao
Name of the Vulnerable Software and Affected Versions: EasySoft ZenTao version 11.6.4 Description: The issue allows a remote attacker to execute arbitrary code via the lastComment parameter, which is related to a Cross Site Scripting vulnerability. Recommendations: For EasySoft ZenTao version...