VYPR

Zentao Pro

by Easycorp

CVEs (5)

  • CVE-2020-28165CriAug 12, 2021
    risk 0.64cvss 9.8epss 0.01

    The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function.

  • CVE-2021-27556HigAug 31, 2021
    risk 0.47cvss 7.2epss 0.04

    The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.

  • CVE-2021-27558MedAug 31, 2021
    risk 0.40cvss 6.1epss 0.01

    A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator.

  • CVE-2021-27557MedAug 31, 2021
    risk 0.28cvss 4.3epss 0.00

    A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job.

  • CVE-2020-7361CriAug 6, 2020
    risk 0.04cvss 9.6epss 0.17

    The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands…