CVE-2022-47745 Information

Description

ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user you can complete SQL injection by constructing a special request and sending it to function importNotice.

Reference

https://github.com/l3s10n/ZenTaoPMS_SqlInjection https://github.com/easysoft/zentaopms/issues/106