PT-2026-8334 · Zentao · Zentao
Ez-Lbz
·
Published
2026-02-16
·
Updated
2026-02-16
·
CVE-2026-2551
CVSS v2.0
5.5
Medium
| AV:N/AC:L/Au:S/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ZenTao versions prior to 21.7.9
Description
A flaw exists in ZenTao up to version 21.7.8 related to path traversal. The issue is located within the
delete function of the editor/control.php file, part of the Backup Handler component. Manipulation of the fileName argument can lead to unauthorized file access. This issue can be triggered remotely, and details of the exploit are publicly available.Recommendations
Update to version 21.7.9 or later.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zentao