RULE(RULE ID:338018)

Rule General Information
Release Date: 2024-05-14
Rule Name: ZenTaoPMS Authentication Bypass Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: ZenTao PMS is a Chinese open source project management software focused on R&D project management. It has built-in functions such as requirements management, task management, bug management, defect management, use case management, and plan and release management, covering the core processes of R&D project management. There is an identity authentication bypass vulnerability in the ZenTao project management system. A remote attacker can use this vulnerability to bypass identity authentication, call any API interface, change the password of the administrator user, log in to the system as the administrator, and completely take over the server. The affected versions are: 16.x <= ZenTao Project Management System < 18.12 (open source version), 6.x <= ZenTao Project Management System < 8.12 (Enterprise Edition), 3.x <= ZenTao Project Management System < 4.12 (Ultimate Edition).
Impact: An unauthenticated remote attacker can bypass authentication and gain access to the application using specially crafted requests.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to obtain and apply the software patch.