Zentaopms
by Easysoft
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-50857 | Cri | 0.64 | 9.8 | 0.02 | Feb 26, 2026 | ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload | ||
| CVE-2025-5114 | 0.00 | — | 0.00 | May 23, 2025 | A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the… | |||
| CVE-2023-44826 | 0.00 | — | 0.00 | Oct 10, 2023 | Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script. |
- risk 0.64cvss 9.8epss 0.02
ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload
- CVE-2025-5114May 23, 2025risk 0.00cvss —epss 0.00
A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the…
- CVE-2023-44826Oct 10, 2023risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script.