exploitDog

CVE-2024-24202

Опубликовано: 08 фев. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.

Ссылки

https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176
Exploit
Third Party Advisory
https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:easycorp:zentao:18.10:*:*:*:community:*:*:*

cpe:2.3:a:easycorp:zentao_biz:8.10:*:*:*:*:*:*:*

cpe:2.3:a:easycorp:zentao_max:4.10:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00115

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-c493-5mp7-c24q

CVSS3: 9.8

github

почти 2 года назад

An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.

EPSS

Процентиль: 31%

0.00115

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434