Vulnerabilities (CVE)

Filtered by vendor Easycorp Subscribe
Filtered by product Zentao Biz
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-24202 1 Easycorp 3 Zentao, Zentao Biz, Zentao Max 2024-11-21 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.
CVE-2023-44827 1 Easycorp 3 Zentao, Zentao Biz, Zentao Max 2024-11-21 N/A 8.8 HIGH
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function.