OpenCVE

An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Easycorp	Zentao Zentao Biz Zentao Max

Configuration 1 [-]

OR	cpe:2.3:a:easycorp:zentao:::::community:::*
	cpe:2.3:a:easycorp:zentao_biz::::::::
	cpe:2.3:a:easycorp:zentao_max::::::::

No data.

References

Link	Providers
https://spotted-topaz-6aa.notion.site/Zentao-Authorized-Remote-Code-Execution-Vulnerability-CVE-2023-44827-be731cbe8607496cae35c08cb9ba2436

History

Thu, 19 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-10T00:00:00

Updated: 2024-09-19T14:11:51.631Z

Reserved: 2023-10-02T00:00:00

Link: CVE-2023-44827

Vulnrichment

Updated: 2024-08-02T20:07:33.495Z

NVD

Status : Modified

Published: 2023-10-10T03:15:09.873

Modified: 2024-11-21T08:26:04.137

Link: CVE-2023-44827

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:easycorp:zentao:*:*:*:*:community:*:*:*", "matchCriteriaId": "C222DB5A-BB7D-489A-918B-B01BF68AD36B", "versionEndIncluding": "18.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:easycorp:zentao_biz:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CA03737-0599-4DA3-8427-11FF6D71EA63", "versionEndIncluding": "8.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:easycorp:zentao_max:*:*:*:*:*:*:*:*", "matchCriteriaId": "433DFC48-5CF9-42F9-8436-BEF83A0CC11B", "versionEndIncluding": "4.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function."}, {"lang": "es", "value": "Un problema en ZenTao Community Edition v.18.6 y anteriores, ZenTao Biz v.8.6 y anteriores, ZenTao Max v.4.7 y anteriores permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para la funci\u00f3n Office Conversion Settings."}], "id": "CVE-2023-44827", "lastModified": "2024-11-21T08:26:04.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-10T03:15:09.873", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://spotted-topaz-6aa.notion.site/Zentao-Authorized-Remote-Code-Execution-Vulnerability-CVE-2023-44827-be731cbe8607496cae35c08cb9ba2436"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://spotted-topaz-6aa.notion.site/Zentao-Authorized-Remote-Code-Execution-Vulnerability-CVE-2023-44827-be731cbe8607496cae35c08cb9ba2436"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}