CVE-2024-24202

An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:easycorp:zentao:18.10:*:*:*:community:*:*:*
cpe:2.3:a:easycorp:zentao_biz:8.10:*:*:*:*:*:*:*
cpe:2.3:a:easycorp:zentao_max:4.10:*:*:*:*:*:*:*

History

21 Nov 2024, 08:59

Type Values Removed Values Added
References () https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176 - Exploit, Third Party Advisory () https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176 - Exploit, Third Party Advisory

15 Feb 2024, 15:24

Type Values Removed Values Added
CPE cpe:2.3:a:easycorp:zentao_max:4.10:*:*:*:*:*:*:*
cpe:2.3:a:easycorp:zentao:18.10:*:*:*:community:*:*:*
cpe:2.3:a:easycorp:zentao_biz:8.10:*:*:*:*:*:*:*
References () https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176 - () https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-434
First Time Easycorp
Easycorp zentao
Easycorp zentao Biz
Easycorp zentao Max

08 Feb 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-08 05:15

Updated : 2024-11-21 08:59


NVD link : CVE-2024-24202

Mitre link : CVE-2024-24202

CVE.ORG link : CVE-2024-24202


JSON object : View

Products Affected

easycorp

  • zentao
  • zentao_max
  • zentao_biz
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type