CVE-2025-50857

Publication date

2026-02-26 00:00:00

Family

mitre

State

PUBLISHED

Description

ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload