Vulnerabilities > Easycorp > Zentao BIZ
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2024-24202 | Unrestricted Upload of File with Dangerous Type vulnerability in Easycorp Zentao, Zentao BIZ and Zentao MAX An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file. | 9.8 |
| 2023-10-10 | CVE-2023-44827 | Command Injection vulnerability in Easycorp Zentao, Zentao BIZ and Zentao MAX An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | 8.8 |