CVE-2021-27556

September 5, 2021

The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.

Summary:

The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.

Reference Links(if available):

  • https://privasec.com/blog/zentao-cms-a-monkeys-journey-to-priv-esc-remote-code-execution/

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:S/C:C/I:C/A:C

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Links to Exploits(if available)

  • You may have missed

    CISA Logo

    CISA: CISA Adds One Known Exploited Vulnerability to Catalog

    November 19, 2024
    CISA Logo

    CISA: CISA Adds One Known Exploited Vulnerability to Catalog

    November 19, 2024
    CISA Logo

    CISA: CISA Adds One Known Exploited Vulnerability to Catalog

    November 19, 2024
    CISA Logo

    CISA: Cisco Releases Security Bundle for Cisco ASA, FMC, and FTD Software

    November 19, 2024
    CISA Logo

    CISA: CISA Releases One Industrial Control Systems Advisory

    November 19, 2024