Vulnerabilities > Easycorp > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2024-24216 | Command Injection vulnerability in Easycorp Zentao Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php. | 9.8 |
| 2024-02-08 | CVE-2024-24202 | Unrestricted Upload of File with Dangerous Type vulnerability in Easycorp Zentao, Zentao BIZ and Zentao MAX An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file. | 9.8 |
| 2021-08-12 | CVE-2020-28165 | Unrestricted Upload of File with Dangerous Type vulnerability in Easycorp Zentao The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. | 9.8 |