PT-2026-8334 · Zentao · Zentao
Ez-Lbz
·
Publicado
2026-02-16
·
Atualizado
2026-02-16
·
CVE-2026-2551
CVSS v2.0
5.5
Média
| Vetor | AV:N/AC:L/Au:S/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ZenTao versions prior to 21.7.9
Description
A flaw exists in ZenTao up to version 21.7.8 related to path traversal. The issue is located within the
delete function of the editor/control.php file, part of the Backup Handler component. Manipulation of the fileName argument can lead to unauthorized file access. This issue can be triggered remotely, and details of the exploit are publicly available.Recommendations
Update to version 21.7.9 or later.
Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Zentao