ZenTaoPMS Directory Traversal Vulnerability Allowing Remote Code Execution

Vulnerability

A directory traversal vulnerability has been identified in ZenTaoPMS versions 18.11 through 21.6.beta. The issue resides in the file '/module/ai/control.php', where attackers can execute arbitrary code by uploading a crafted file.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where ZenTaoPMS is installed.

Reproduction

To reproduce this vulnerability, upload a crafted file that exploits the directory traversal flaw in 'module/ai/control.php'. If the flaw is present, the uploaded file can execute arbitrary code on the server.

Added: Feb 26, 2026, 5:26 PM
Updated: Feb 26, 2026, 8:39 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.0
remediation: 0.0
relevance: 3.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.