easysoft / zentaopms

Zentao is an agile(scrum) project management system/tool, Free Upgrade Forever!​
http://www.zentao.pm

There is a remote command execution vulnerability after login (a remote command execution vulnerability exists in the admin backend) #133

Closed l3s10n closed 3 months ago

l3s10n commented 7 months ago

Description

For details, see: https://github.com/l3s10n/ZenTaoPMS_RCE

Expectation

Fix the vulnerability

Result

Command execution in the admin backend

Software version

18.0 - 18.10

fireware commented 3 months ago

This has been fixed in the new version. We recommend upgrading to version 18.12; click to download.