← volver
CVE-2020-7361

ZenTao Pro Command Injection

CVSS 9.6 CRITICALEPSS 17.2%CWE-78
Vexday Risk Score
48Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 9.6EPSS 17.2%KEV nãoPoC Nuclei Metasploit simPatch
Ciclo de vida
20 jun 2020Exploit Metasploit disponible
06 ago 2020Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an elevated SYSTEM context on the underlying Windows operating system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Productos afectados
EasyCorp · ZenTao Pro

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/rapid7/metasploit-framework/pull/13828