PT-2026-22159 · Zentaopms · Zentaopms
Published: 2026-02-26 · Updated: 2026-03-03 · CVE-2025-50857
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ZenTaoPMS versions 18.11 through 21.6.beta
Description
ZenTaoPMS versions 18.11 through 21.6.beta contain a directory traversal flaw in the /module/ai/control.php file. The vulnerability is triggered through the file upload functionality and allows attackers to execute arbitrary code by uploading a specially crafted file.
Recommendations
Use a version prior to 18.11 or later than 21.6.beta.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Zentaopms