CVE-2020-7361
Published: 2020-08-06

Priority: P2 (71) · CVSS 3.1 base score 8.8 (high), vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Flags: EXPLOIT
EPSS: 17.22% (96.7th percentile)
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an elevated SYSTEM context on the underlying Windows operating system.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| easycorp | zentao_pro | <= 8.8.2 | — |
| easycorp | zentao_pro | 8.8.2 – 8.8.2 | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP POST requests targeting the path '/pro/repo-create.html' for OS command injection patterns in the 'path' parameter (corresponding to the 'Client Path' input field).
- Alert on SYSTEM-level process spawning from the ZenTao/XAMPP web server process on Windows, which may indicate successful exploitation of this command injection vulnerability.
- Look for authenticated POST requests to '/pro/repo-create.html' (CI > Repo 'Repo Create' function) with shell metacharacters or command sequences in the 'path' POST parameter.
- Caveat: exploitation requires valid ZenTao admin credentials; unauthenticated exploitation is not possible. Detection should account for the authentication step preceding the injection request.
- Caveat: vulnerability and exploit testing is confirmed only against Windows environments running XAMPP; behavior on other platforms is not documented in these sources.
- Caveat: affected versions are ZenTao Pro 8.8.2 and earlier; the scope of affected versions beyond 8.8.2 is not specified in these sources.
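As an added example (not taken from the advisory or from any vendor code), a heuristic detector for the pattern the items above describe, run over constructed sample requests; the request tuple format, the `authenticated` flag and the metacharacter set are assumptions to be tuned per environment:

```python
import re
from urllib.parse import parse_qs

TARGET_PATH = "/pro/repo-create.html"
# Characters and sequences that let a value break out of a single command
# on Windows shells (cmd.exe / PowerShell). Assumed set; tune per environment.
SHELL_META = re.compile(r"[&|;`^\r\n]|\$\(|%[A-Za-z_]+%")

def is_suspicious_request(method, url_path, body, authenticated=True):
    """Return a reason string if the request matches the CVE-2020-7361 pattern, else None."""
    if method.upper() != "POST" or url_path.split("?", 1)[0] != TARGET_PATH:
        return None
    if not authenticated:
        # The advisory notes exploitation needs valid credentials: an unauthenticated
        # request cannot reach the vulnerable code path, so do not raise noise on it.
        return None
    # Body is application/x-www-form-urlencoded; parse_qs percent-decodes values.
    values = parse_qs(body, keep_blank_values=True).get("path", [])
    for value in values:
        m = SHELL_META.search(value)
        if m:
            return f"shell metacharacter {m.group(0)!r} in 'path' parameter"
    return None

# Constructed sample requests: (method, url path, urlencoded body, authenticated)
SAMPLE_REQUESTS = [
    ("POST", TARGET_PATH, "path=C%3A%5Crepos%5Cproject&name=proj", True),        # benign path
    ("POST", TARGET_PATH, "path=C%3A%5Crepos%26+echo+injected&name=proj", True),  # '&' in path
    ("GET", TARGET_PATH, "", True),                                               # wrong method
    ("POST", "/user-login.html", "account=admin&password=x", False),              # login step
]

def scan(requests=SAMPLE_REQUESTS):
    """Return a list of (request index, reason) for every request flagged as suspicious."""
    hits = []
    for i, (method, path, body, authed) in enumerate(requests):
        reason = is_suspicious_request(method, path, body, authed)
        if reason:
            hits.append((i, reason))
    return hits

if __name__ == "__main__":
    for i, reason in scan():
        print(f"request #{i}: {reason}")
```

The second caveat item above is the reason for the `authenticated` gate: pair this check with the login event that precedes the request rather than alerting on the endpoint alone.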
CVSS provenance
- NVD, CVSS v3.1: 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v2.0: 9.0 CRITICAL, AV:N/AC:L/Au:S/C:C/I:C/A:C
No detection rules found.
No writeups or analysis indexed.