CNNVD-202511-3062 Information

CNNVD ID

CNNVD-202511-3062

Related CVE

CVE-2025-13789

• CNNVD Published: 2025-11-30

Description (Chinese)

Nature Easy Soft Network Technology ZenTao是中国易软天创网络科技（Nature Easy Soft Network Technology）公司的一套开源项目管理软件。该软件包括产品管理、项目管理、质量管理和文档管理等功能。 Nature Easy Soft Network Technology ZenTao 21.7.6-8564及之前版本存在代码问题漏洞，该漏洞源于对文件module/ai/model.php中参数Base的错误操作，可能导致服务端请求伪造。

Description (English)

Nature Easy Soft Network Technology Zentao is an open-source project management software for Chinese company Nasty Soft Network Technology. The software includes functions such as product management, project management, quality management and document management. There is a code gap in Nature Easy Soft Network Technology ZenTao 21.7.6-8564 and earlier versions, which stems from an error in the operation of Base, the parameter in document Modeule/ai/moder.php, which may result in the forgery of service requests.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

易软天创网络科技

Published

2025-11-30

Last Modified

2026-02-24

References

https://github.com/ez-lbz/ez-lbz.github.io/issues/2#issue-3598317459 https://vuldb.com/?ctiid.333793 https://vuldb.com/?id.333793 https://github.com/ez-lbz/ez-lbz.github.io/issues/2#issuecomment-3540247346 https://vuldb.com/?submit.690728 https://www.zentao.net/extension-viewext-6.html https://access.redhat.com/security/cve/cve-2025-13789