Easycorp Zentao

16 CVEs affecting Easycorp Zentao. Latest disclosed: 2025-05-23. Critical: 3, High: 4.

Top CVEs affecting Easycorp Zentao
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-24216 | Critical | 9.8 | 2024-02-08 | Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.ph… |
| CVE-2024-24202 | Critical | 9.8 | 2024-02-08 | An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to e… |
| CVE-2020-28165 | Critical | 9.8 | 2021-08-12 | The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by usin… |
| CVE-2023-44827 | High | 8.8 | 2023-10-10 | An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code v… |
| CVE-2022-47745 | High | 8.8 | 2023-01-19 | ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and… |
| CVE-2022-37700 | High | 7.5 | 2022-09-19 | Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.ze… |
| CVE-2021-27556 | High | 7.2 | 2021-08-31 | The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System. |
| CVE-2025-5114 | Medium | 6.3 | 2025-05-23 | A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the function Edit of the file /index… |
| CVE-2023-49394 | Medium | 6.1 | 2024-01-10 | Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly. |
| CVE-2020-21268 | Medium | 6.1 | 2023-06-20 | Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter. |
| CVE-2020-22533 | Medium | 6.1 | 2023-04-04 | Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter |
| CVE-2021-27558 | Medium | 6.1 | 2021-08-31 | A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creato… |
| CVE-2023-46475 | Medium | 5.4 | 2023-11-02 | A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inj… |
| CVE-2023-44826 | Medium | 5.4 | 2023-10-10 | Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script. |
| CVE-2021-27557 | Medium | 4.3 | 2021-08-31 | A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job. |
| CVE-2023-6439 | Low | 3.5 | 2023-11-30 | A vulnerability classified as problematic was found in ZenTao PMS 18.8. Affected by this vulnerability is an unknown functionality. The manipulation leads to c… |