← Back

Zentao Max

zentao_max

Vendor: Easycorp • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-24202
1Easycorp
3Zentao
Zentao BizZentao Max
Nov 21, 2024
Feb 8, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.
CVE-2023-44827
1Easycorp
3Zentao
Zentao BizZentao Max
Nov 21, 2024
Oct 10, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings functio...Show more
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function.Show less