An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.
References
Link | Resource |
---|---|
https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2024-02-08T00:00:00
Updated: 2024-02-08T04:52:39.908073
Reserved: 2024-01-25T00:00:00
Link: CVE-2024-24202
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-02-08T05:15:08.593
Modified: 2024-02-15T15:24:30.247
Link: CVE-2024-24202
JSON object: View
Redhat Information
No data.
CWE