SQL Injection in Qingdao Esoft Tianchuang Network Technology Co., Ltd. ZenTao Biz
CVE-2022-4984
ZenTao Biz < 6.5, ZenTao Max < 3.0, ZenTao Open Source Edition < 16.5, and ZenTao Open Source Edition < 16.5.beta1 contain an SQL injection vulnerability in the login functionality. The application does not properly validate the account pa…
Vulnerability class: SQL Injection
EPSS: 0.004 (31.2th percentile)