{"id":"CVE-2021-27557","details":"A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job.","modified":"2026-04-10T04:56:38.878248Z","published":"2021-08-31T03:15:06.363Z","references":[{"type":"EVIDENCE","url":"https://privasec.com/blog/zentao-cms-a-monkeys-journey-to-priv-esc-remote-code-execution/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/easysoft/zentaopms","events":[{"introduced":"0"},{"last_affected":"2422e1f0d4eacf1cfcbdf2ed7e1bd4f894d550f5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"12.5.3"}]}}],"versions":["zentao_11.2_build1_20190128","zentaopms_10.1_20180716","zentaopms_10.3.1_20180907","zentaopms_10.3_20170809","zentaopms_10.4.stable_20180928","zentaopms_10.5.1_20181105","zentaopms_10.6.stable_20181120","zentaopms_11.0.stable_20181221","zentaopms_11.1.stable_20190104","zentaopms_11.4.stable_20190325","zentaopms_11.5.stable_20190508","zentaopms_11.6.0.beta1_20190705","zentaopms_11.6.1_20190823","zentaopms_11.6.2_20190906","zentaopms_11.6.3_20190924","zentaopms_11.6.4_20191017","zentaopms_11.7.stable_20191129","zentaopms_12.0.stable_20200103","zentaopms_12.3.2_20200601","zentaopms_12.3.3_20200707","zentaopms_12.4.1_20200811","zentaopms_12.4.2_20200915","zentaopms_12.5.1_20201130","zentaopms_12.5.2_20201218","zentaopms_12.5.3_20210108","zentaopms_12.5.stable_20201120","zentaopms_4.3.beta_20130805","zentaopms_5.0.beta1_20130809","zentaopms_6.0.beta1_20140503","zentaopms_6.0.stable_20140625","zentaopms_6.1.stable_20140805","zentaopms_6.1.stable_20140806","zentaopms_6.2.stable_20140827","zentaopms_6.3.stable_20141107","zentaopms_6.4.stable_20141223","zentaopms_7.0.stable_20150206","zentaopms_7.1.stable_20150317","zentaopms_7.2.4_20150703","zentaopms_7.2.5_20150807","zentaopms_7.2.stable_20150525","zentaopms_7.3.stable_20150918","zentaopms_8.0.1_20151224","zentaopms_8.0.stable_20151127","zentaopms_8.1.3_20160323","zentaopms_8.1.stable_20160315","zentaopms_8.2.1_20160524","zentaopms_8.2.2_20160608","zentaopms_8.2.3_20160624","zentaopms_8.2.4_20160628","zentaopms_8.2.5_20160805","zentaopms_8.2.6_20160913","zentaopms_8.2.beta_20160504","zentaopms_8.2.stable_20160517","zentaopms_8.3.4_20160628","zentaopms_8.3.stable_20161109","zentaopms_8.4.1_20161212","zentaopms_8.4.stable_20161206","zentaopms_9.0.1_20170215","zentaopms_9.0.stable_20170117","zentaopms_9.1.1_20170410","zentaopms_9.1.2_20170419","zentaopms_9.2.1_20170522","zentaopms_9.2.stable_20170516","zentaopms_9.3.beta_20170627","zentaopms_9.4_20170726","zentaopms_9.5.1_20170927","zentaopms_9.6.1_20171113","zentaopms_9.6_20171106"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27557.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}