Easycorp Zentao
16 CVEs affecting Easycorp Zentao. Latest disclosed: 2025-05-23. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-24216 | Critical | 9.8 | 2024-02-08 | Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.ph… |
| CVE-2024-24202 | Critical | 9.8 | 2024-02-08 | An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to e… |
| CVE-2020-28165 | Critical | 9.8 | 2021-08-12 | The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by usin… |
| CVE-2023-44827 | High | 8.8 | 2023-10-10 | An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code v… |
| CVE-2022-47745 | High | 8.8 | 2023-01-19 | ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and… |
| CVE-2022-37700 | High | 7.5 | 2022-09-19 | Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.ze… |
| CVE-2021-27556 | High | 7.2 | 2021-08-31 | The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System. |
| CVE-2025-5114 | Medium | 6.3 | 2025-05-23 | A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the function Edit of the file /index… |
| CVE-2023-49394 | Medium | 6.1 | 2024-01-10 | Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly. |
| CVE-2020-21268 | Medium | 6.1 | 2023-06-20 | Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter. |
| CVE-2020-22533 | Medium | 6.1 | 2023-04-04 | Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter |
| CVE-2021-27558 | Medium | 6.1 | 2021-08-31 | A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creato… |
| CVE-2023-46475 | Medium | 5.4 | 2023-11-02 | A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inj… |
| CVE-2023-44826 | Medium | 5.4 | 2023-10-10 | Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script. |
| CVE-2021-27557 | Medium | 4.3 | 2021-08-31 | A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job. |
| CVE-2023-6439 | Low | 3.5 | 2023-11-30 | A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to c… |