Vulnerability Details CVE-2022-47745
ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.6%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-47745
-
cpe:2.3:a:easycorp:zentao:16.4
-
cpe:2.3:a:easycorp:zentao:16.5
-
cpe:2.3:a:easycorp:zentao:17.0
-
cpe:2.3:a:easycorp:zentao:17.1
-
cpe:2.3:a:easycorp:zentao:17.2
-
cpe:2.3:a:easycorp:zentao:17.3
-
cpe:2.3:a:easycorp:zentao:17.4
-
cpe:2.3:a:easycorp:zentao:17.5
-
cpe:2.3:a:easycorp:zentao:17.6
-
cpe:2.3:a:easycorp:zentao:17.6.1
-
cpe:2.3:a:easycorp:zentao:17.7
-
cpe:2.3:a:easycorp:zentao:17.8
-
cpe:2.3:a:easycorp:zentao:18.0