Easycorp: >> Zentao Max Security Vulnerabilities
An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-08
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-10-10