VYPR
Vendor

Easycorp

Products
2
CVEs
10
Across products
10
Status
Private

Products

2

Recent CVEs

10
  • CVE-2020-28165CriAug 12, 2021
    risk 0.64cvss 9.8epss 0.01

    The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function.

  • CVE-2021-27556HigAug 31, 2021
    risk 0.47cvss 7.2epss 0.04

    The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.

  • CVE-2024-2828MedMar 22, 2024
    risk 0.41cvss 6.3epss 0.01

    A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side…

  • CVE-2024-2827MedMar 22, 2024
    risk 0.41cvss 6.3epss 0.01

    A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. This issue affects some unknown processing of the file /ureport/designer/saveReportFile. The manipulation leads to server-side request forgery. The attack may be initiated…

  • CVE-2024-2826MedMar 22, 2024
    risk 0.41cvss 6.3epss 0.01

    A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The…

  • CVE-2024-2825MedMar 22, 2024
    risk 0.41cvss 6.3epss 0.01

    A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: '../filedir'. It is possible to initiate the…

  • CVE-2021-27558MedAug 31, 2021
    risk 0.40cvss 6.1epss 0.01

    A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator.

  • CVE-2021-27557MedAug 31, 2021
    risk 0.28cvss 4.3epss 0.00

    A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job.

  • CVE-2024-3081LowMar 29, 2024
    risk 0.16cvss 3.5epss 0.01

    A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross…

  • CVE-2020-7361CriAug 6, 2020
    risk 0.04cvss 9.6epss 0.17

    The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands…