An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.
References
Link | Resource |
---|---|
https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176 | Exploit Third Party Advisory |
https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176 - Exploit, Third Party Advisory |
15 Feb 2024, 15:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:easycorp:zentao:18.10:*:*:*:community:*:*:* cpe:2.3:a:easycorp:zentao_biz:8.10:*:*:*:*:*:*:* cpe:2.3:a:easycorp:zentao_max:4.10:*:*:*:*:*:*:* |
|
CWE | CWE-434 | |
First Time |
Easycorp zentao Biz
Easycorp zentao Max Easycorp Easycorp zentao |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | () https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176 - Exploit, Third Party Advisory |
08 Feb 2024, 13:44
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
08 Feb 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-08 05:15
Updated : 2024-11-21 08:59
NVD link : CVE-2024-24202
Mitre link : CVE-2024-24202
CVE.ORG link : CVE-2024-24202
JSON object : View
Products Affected
easycorp
- zentao_biz
- zentao
- zentao_max
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type