← back
CVE-2026-2552

ZenTao Editor control.php delete path traversal

CVSS 5.1 MEDIUMEPSS 0.4%CWE-22
A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected component should be upgraded.
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Affected products
n/a · ZenTao

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/ez-lbz/ez-lbz.github.io/issues/11https://github.com/ez-lbz/ez-lbz.github.io/issues/11#issuecomment-3876278793https://vuldb.com/?ctiid.346161https://vuldb.com/?id.346161https://vuldb.com/?submit.749985