{"id":"CVE-2023-44827","details":"An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function.","modified":"2026-04-11T12:46:07.793282Z","published":"2023-10-10T03:15:09.873Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"8.6"}],"cpe":"cpe:2.3:a:easycorp:zentao_biz:*:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"4.7"}],"cpe":"cpe:2.3:a:easycorp:zentao_max:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}]},"references":[{"type":"EVIDENCE","url":"https://spotted-topaz-6aa.notion.site/Zentao-Authorized-Remote-Code-Execution-Vulnerability-CVE-2023-44827-be731cbe8607496cae35c08cb9ba2436"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/easysoft/zentaopms","events":[{"introduced":"0"},{"last_affected":"af1ff8bf61db20c681417a6bcf198ab9db4ad7ba"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"18.6"}],"cpe":"cpe:2.3:a:easycorp:zentao:*:*:*:*:community:*:*:*","source":"CPE_FIELD"}}],"versions":["zentao_11.2_build1_20190128","zentaopms_10.1_20180716","zentaopms_10.3.1_20180907","zentaopms_10.3_20170809","zentaopms_10.4.stable_20180928","zentaopms_10.5.1_20181105","zentaopms_10.6.stable_20181120","zentaopms_11.0.stable_20181221","zentaopms_11.1.stable_20190104","zentaopms_11.4.stable_20190325","zentaopms_11.5.stable_20190508","zentaopms_11.6.0.beta1_20190705","zentaopms_11.6.1_20190823","zentaopms_11.6.2_20190906","zentaopms_11.6.3_20190924","zentaopms_11.6.4_20191017","zentaopms_11.7.stable_20191129","zentaopms_12.0.stable_20200103","zentaopms_12.3.2_20200601","zentaopms_12.3.3_20200707","zentaopms_13.0._20201022","zentaopms_13.0.alpha1_20201103","zentaopms_13.0.alpha2_20201123","zentaopms_13.0.beta1_20201201","zentaopms_13.0.beta4_20210202","zentaopms_13.beta2_20201218","zentaopms_15.0.1_20210606","zentaopms_15.2_20210720","zentaopms_15.3_20210804","zentaopms_15.4_20210823","zentaopms_15.5_20210914","zentaopms_15.7.1_20211102","zentaopms_15.8_20211122","zentaopms_16.0","zentaopms_16.0.beta1","zentaopms_16.0.beta1_20211207","zentaopms_16.2","zentaopms_16.3","zentaopms_16.4","zentaopms_16.5.beta1","zentaopms_17.0","zentaopms_17.1","zentaopms_17.6","zentaopms_17.6.2","zentaopms_17.7","zentaopms_17.8","zentaopms_18.0.beta1","zentaopms_18.0.beta2","zentaopms_18.1","zentaopms_18.3","zentaopms_18.4","zentaopms_18.4.alpha1","zentaopms_18.4.beta1","zentaopms_18.5","zentaopms_18.6","zentaopms_20.0._20201022","zentaopms_20.0.alpha1_20201103","zentaopms_20.0.alpha2_20201123","zentaopms_20.0.alpha_20201030_1","zentaopms_20.0.beta1_20201201","zentaopms_20.0.beta4_20210202","zentaopms_20.beta2_20201218","zentaopms_4.3.beta_20130805","zentaopms_5.0.beta1_20130809","zentaopms_6.0.beta1_20140503","zentaopms_6.0.stable_20140625","zentaopms_6.1.stable_20140805","zentaopms_6.1.stable_20140806","zentaopms_6.2.stable_20140827","zentaopms_6.3.stable_20141107","zentaopms_6.4.stable_20141223","zentaopms_7.0.stable_20150206","zentaopms_7.1.stable_20150317","zentaopms_7.2.4_20150703","zentaopms_7.2.5_20150807","zentaopms_7.2.stable_20150525","zentaopms_7.3.stable_20150918","zentaopms_8.0.1_20151224","zentaopms_8.0.stable_20151127","zentaopms_8.1.3_20160323","zentaopms_8.1.stable_20160315","zentaopms_8.2.1_20160524","zentaopms_8.2.2_20160608","zentaopms_8.2.3_20160624","zentaopms_8.2.4_20160628","zentaopms_8.2.5_20160805","zentaopms_8.2.6_20160913","zentaopms_8.2.beta_20160504","zentaopms_8.2.stable_20160517","zentaopms_8.3.4_20160628","zentaopms_8.3.stable_20161109","zentaopms_8.4.1_20161212","zentaopms_8.4.stable_20161206","zentaopms_9.0.1_20170215","zentaopms_9.0.stable_20170117","zentaopms_9.1.1_20170410","zentaopms_9.1.2_20170419","zentaopms_9.2.1_20170522","zentaopms_9.2.stable_20170516","zentaopms_9.3.beta_20170627","zentaopms_9.4_20170726","zentaopms_9.5.1_20170927","zentaopms_9.6.1_20171113","zentaopms_9.6_20171106"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-44827.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}