Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2025/11/14 7:59 p.m.6 views

CVE-2022-4984

ZenTao Biz 6.5, ZenTao Max 3.0, ZenTao Open Source Edition 16.5, and ZenTao Open Source Edition 16.5.beta1 contain an SQL injection vulnerability in the login functionality. The application does not properly validate the account parameter on /zentao/user-login.html before using it in a database...

8.7CVSS8.1AI score0.00402EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/13 7:37 p.m.10 views

CVE-2022-4984 ZenTao Biz < 6.5, Max < 3.0, & Open Source Edition 16.5/16.5beta1 SQL Injection via user-login.html

ZenTao Biz 6.5, ZenTao Max 3.0, ZenTao Open Source Edition 16.5, and ZenTao Open Source Edition 16.5.beta1 contain an SQL injection vulnerability in the login functionality. The application does not properly validate the account parameter on /zentao/user-login.html before using it in a database...

8.7CVSS0.00402EPSS
Exploits0References6
CVE
CVE
added 2025/11/13 7:37 p.m.20 views

CVE-2022-4984

CVE-2022-4984 affects ZenTao Biz &lt; 6.5, ZenTao Max &lt; 3.0, and ZenTao Open Source Edition

8.7CVSS7.7AI score0.00402EPSS
In wildExploits0References6
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.7 views

PT-2025-46894

ZenTao Biz 6.5, ZenTao Max 3.0, ZenTao Open Source Edition 16.5, and ZenTao Open Source Edition 16.5.beta1 contain an SQL injection vulnerability in the login functionality. The application does not properly validate the account parameter on /zentao/user-login.html before using it in a database...

8.7CVSS8.1AI score0.00402EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.12 views

ZenTao多款产品 安全漏洞

ZenTao Biz and others are a project management software from the Chinese company ZenTao. A security vulnerability exists in several ZenTao products, which stems from insufficient validation of the parameter account in the file /zentao/user-login.html, which could lead to an SQL injection attack...

8.7CVSS7.5AI score0.00402EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-49150

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00935EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:37 a.m.6 views

CVE-2024-24202

An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file...

9.8CVSS9.6AI score0.01EPSS
Exploits1References1
NVD
NVD
added 2024/02/08 5:15 a.m.18 views

CVE-2024-24202

An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file...

9.8CVSS9.6AI score0.01EPSS
Exploits1References1
Prion
Prion
added 2024/02/08 5:15 a.m.14 views

Design/Logic Flaw

An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file...

7.5CVSS8.3AI score0.01EPSS
Exploits1References1Affected Software3
Vulnrichment
Vulnrichment
added 2024/02/08 12:0 a.m.16 views

CVE-2024-24202

An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file...

7.8AI score0.01EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/02/08 12:0 a.m.4 views

PT-2024-20317 · Unknown · Zentao Community Edition +2

Name of the Vulnerable Software and Affected Versions: ZenTao Community Edition versions 18.10 ZenTao Biz versions 8.10 ZenTao Max versions 4.10 Description: An arbitrary file upload issue in the /upgrade/control.php endpoint allows attackers to execute arbitrary code by uploading a crafted .txt...

9.8CVSS7.8AI score0.01EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/02/08 12:0 a.m.5 views

Nature Easy Soft Network Technology ZenTao Code Issue Vulnerability

Nature Easy Soft Network Technology ZenTao is China's easy soft Tianchuang network technology Nature Easy Soft Network Technology company's open source project management software. The software includes product management, project management, quality management and document management and other...

9.8CVSS7.7AI score0.01EPSS
Exploits1References2
CVE
CVE
added 2024/02/08 12:0 a.m.58 views

CVE-2024-24202

CVE-2024-24202 refers to an arbitrary file upload vulnerability in ZenTao components (Community Edition v18.10, Biz v8.10, Max v4.10) exposed at /upgrade/control.php. The root cause is a crafted .txt file upload that allows remote code execution. Affected products are explicitly ZenTao Community ...

9.8CVSS9.6AI score0.01EPSS
Exploits1References1Affected Software3
OSV
OSV
added 2023/10/10 3:15 a.m.16 views

CVE-2023-44827

An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function...

8.8CVSS7.9AI score0.00935EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/10/10 12:0 a.m.10 views

CVE-2023-44827

An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function...

7.9AI score0.00935EPSS
Exploits1References1
CVE
CVE
added 2023/10/10 12:0 a.m.51 views

CVE-2023-44827

Summary of CVE-2023-44827 : This vulnerability affects ZenTao components as follows: ZenTao Community Edition ≤ v18.6, ZenTao Biz ≤ v8.6, and ZenTao Max ≤ v4.7. An attacker can achieve arbitrary code execution by supplying a crafted script via the Office Conversion Settings function. Root cause i...

8.8CVSS8.8AI score0.00935EPSS
Exploits1References1Affected Software3
Rows per page
Query Builder