Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php.
CVSS Score
9.8
EPSS Score
0.068
Published
2024-02-08
Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter
CVSS Score
6.1
EPSS Score
0.002
Published
2023-04-04
ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice.
CVSS Score
8.8
EPSS Score
0.025
Published
2023-01-19