Vulnerabilities > Easycorp > Zentao > 18.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2024-24216 | Command Injection vulnerability in Easycorp Zentao Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php. | 9.8 |
| 2023-10-10 | CVE-2023-44826 | Cross-site Scripting vulnerability in Easycorp Zentao 18.6 Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script. | 5.4 |
| 2023-10-10 | CVE-2023-44827 | Command Injection vulnerability in Easycorp Zentao, Zentao BIZ and Zentao MAX An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | 8.8 |