CVE-2020-7361

Name of the Vulnerable Software and Affected Versions EasyCorp ZenTao Pro (affected versions not specified)

Description The issue concerns an OS command injection vulnerability in the '/pro/repo-create.html' component of the EasyCorp ZenTao Pro application. After authentication to the ZenTao dashboard, attackers can construct and send arbitrary OS commands via the path parameter in a POST request. These commands will run in an elevated SYSTEM context on the underlying Windows operating system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.