CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-24202

An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.0%

CVSS Severity

CVSS v3 Score 9.8

References

https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176
https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176

Products affected by CVE-2024-24202

Easycorp » Zentao » Version: 18.10

cpe:2.3:a:easycorp:zentao:18.10
Easycorp » Zentao Biz » Version: 8.10

cpe:2.3:a:easycorp:zentao_biz:8.10
Easycorp » Zentao Max » Version: 4.10

cpe:2.3:a:easycorp:zentao_max:4.10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-24202

Products

Pricing

Contact Us