Vulnerabilities

CVE-2022-4984 - ZenTao Biz < 6.5, Max < 3.0, & Open Source Edition 16.5/16.5beta1 SQL Injection v...

2025-11-13 2 views admin

CVE ID : CVE-2022-4984 Published : Nov. 13, 2025, 8:15 p.m. | 1 hour, 28 minutes ago Description : ZenTao Biz < 6.5, ZenTao Max < 3.0, ZenTao Open Source Edition < 16.5, and ZenTao Open Source Edition < 16.5.beta1 contain an SQL injection vulnerability in the login functionality. The application does not properly validate the account parameter on /zentao/user-login.html before using it in a database query. A remote unauthenticated attacker can exploit this issue to execute crafted SQL expressions and retrieve sensitive information from the backend database, including user and application data. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-07 UTC. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2022-4984

Severity

HIGH

Published

Nov. 13, 2025

Impact: SQL injection

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2022-4984high

CVE-2022-4984 - ZenTao Biz < 6.5, Max < 3.0, & Open Source Edition 16.5/16.5beta1 SQL Injection v...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-15170 - Advaya Softech GEMS ERP Portal Error Message home.jsp cross site scripting

CVE-2025-15068 - Account Takeover in Gmission Web FAX

CVE-2025-15069 - Privilege Escalation in Gmission Web FAX

CVE-2025-15070 - Data Exposure in Gmission Web FAX

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting