CNNVD-202511-1559 Information

CNNVD ID

CNNVD-202511-1559

CVE-2022-4984

  • CNNVD Published: 2025-11-13

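Description (translated from Chinese)

ZenTao Biz and the other products listed are project management software from ZenTao, a Chinese company. Multiple ZenTao products contain a security vulnerability that stems from insufficient validation of the account parameter in the file /zentao/user-login.html, which may lead to SQL injection attacks. The following products and versions are affected: ZenTao Biz versions before 6.5, ZenTao Max versions before 3.0, and ZenTao Open Source Edition versions before 16.5 and before 16.5.beta1.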

Description (English)

ZenTao Biz and related products are project management software from ZenTao. Multiple ZenTao products contain a security vulnerability that stems from inadequate validation of the account parameter in the file /zentao/user-login.html, which could lead to a SQL injection attack. The following products and versions are affected: ZenTao Biz before 6.5, ZenTao Max before 3.0, and ZenTao Open Source Edition before 16.5 and before 16.5.beta1.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

ZenTao (禅道)

Published

2025-11-13

Last Modified

2026-02-24

References

  • https://www.zentao.pm/download/zentao-community-edition-release-30-1172.html
  • https://www.vulncheck.com/advisories/zentao-biz-max-and-open-source-edition-sqli-via-user-login
  • https://www.zentao.pm/download/zentao-community-edition-release-65-1171.html
  • https://www.zentao.pm/download/zentao-community-edition-release-1651-1143.html
  • https://www.cnvd.org.cn/flaw/show/CNVD-2022-42853
  • https://www.zentao.pm/download/zentao-community-edition-release-165-1170.html
  • https://access.redhat.com/security/cve/cve-2022-4984

Patch

https://www.zentao.net/
