RULE(RULE ID:337297)

Rule General Information
Release Date: 2024-04-29
Rule Name: ZenTaoPMS Permission Bypass Remote Command Execution Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: ZenTaoPMS is project management software developed by Nature Easy Soft Network Technology Company to address chaotic and disorderly management processes in many enterprises. ZenTaoPMS contains a remote command execution vulnerability that originates from the program not exiting correctly during the authentication process, which results in an authentication bypass. There are a variety of ways to execute commands in the background; for example, an attacker can specify the Subversion mode and splice commands directly through the client parameter to achieve unauthorized takeover of the server. The affected versions are: open source 17.4 to 18.0beta1, Ultimate 3.4 to 4.0.beta1, and Enterprise 7.4 to 8.0beta1.
Impact: A successful exploit allows an attacker to execute arbitrary commands in the context of the vulnerable software.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to obtain the patch and update the software.