CVE-2025-50857
ZenTao · ZenTaoPMS
ZenTaoPMS is vulnerable to a directory traversal flaw in its AI module, enabling unauthenticated attackers to achieve remote code execution via malicious file uploads.
Executive summary
A critical directory traversal vulnerability in ZenTaoPMS allows unauthenticated attackers to execute arbitrary code on the server through a crafted file upload.
Vulnerability
The vulnerability is located in the /module/ai/control.php component. It allows for directory traversal, which an unauthenticated attacker can leverage to upload and execute arbitrary files, leading to full system compromise.
Business impact
With a CVSS score of 9.8, this vulnerability represents a maximum-severity risk. A successful exploit allows for Remote Code Execution (RCE), giving attackers full access to the server, sensitive project management data, and the ability to pivot into the internal network.
Remediation
Immediate Action: Update ZenTaoPMS to the latest stable version that addresses the directory traversal flaw in the AI module.
Proactive Monitoring: Scan the web server for unauthorized PHP files or shells, particularly in the /module/ai/ directory and temporary upload folders.
Compensating Controls: Implement a Web Application Firewall (WAF) with rules to block directory traversal patterns (e.g., ../) and restrict file upload types at the server level.
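The monitoring and WAF items above both hinge on recognising traversal sequences and scripts served from upload locations. The following is an added example, not code from the advisory or from ZenTaoPMS: it scans access-log lines (combined log format assumed) for requests to the /module/ai/ component that carry a ".." segment, decoding percent-encoding first so that the encoded spellings a literal "../" signature would miss are caught, and for .php files requested from an upload directory. The `/upload/` hint, the query parameter names and the log lines are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Combined-log prefix: client, timestamp, request line, status (rest ignored).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
AI_MODULE_PREFIX = "/module/ai/"   # component named in the advisory
UPLOAD_DIR_HINT = "/upload/"       # assumed placeholder: set to the deployment's real upload path
# A ".." path segment (not "a..b"), checked after decoding so encoding does not hide it.
DOTDOT = re.compile(r'(?<![A-Za-z0-9.])\.\.(?=[/\\]|$)')

def normalise_target(target: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) so %2e%2e%2f and the double-encoded
    %252e%252e%252f both become "../", then fold backslashes to slashes."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def classify_target(target: str) -> list[str]:
    """Reasons a request target deserves review; empty list means nothing seen."""
    norm = normalise_target(target)
    path = norm.split("?", 1)[0]
    reasons = []
    if DOTDOT.search(norm):
        reasons.append("ai-module-traversal" if path.startswith(AI_MODULE_PREFIX) else "traversal")
    if path.lower().endswith(".php") and UPLOAD_DIR_HINT in path:
        reasons.append("php-in-upload-dir")   # a script being served from an upload location
    return reasons

def scan_access_log(lines) -> list[dict]:
    """Parse access-log lines and return the suspicious ones with their reasons."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (reasons := classify_target(m["target"])):
            hits.append({"ip": m["ip"], "target": m["target"], "status": m["status"], "reasons": reasons})
    return hits

# Constructed sample lines; query parameter names/values are placeholders, not ZenTaoPMS's real interface.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jul/2025:10:01:02 +0000] "GET /module/ai/control.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jul/2025:10:01:03 +0000] "POST /module/ai/control.php?name=..%2F..%2Fupload%2Fnew.php HTTP/1.1" 200 120',
    '203.0.113.5 - - [10/Jul/2025:10:01:04 +0000] "POST /module/ai/control.php?name=%252e%252e%252fupload%252fnew.php HTTP/1.1" 200 120',
    '198.51.100.7 - - [10/Jul/2025:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Jul/2025:10:02:05 +0000] "GET /data/upload/new.php HTTP/1.1" 200 33',
]
```

Run `scan_access_log` over the real access log and treat a 200 response on an "ai-module-traversal" hit, or any "php-in-upload-dir" hit, as a trigger for the file-system scan described under Proactive Monitoring.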
Exploitation status
Public Exploit Available: No
Analyst recommendation
Due to the potential for unauthenticated Remote Code Execution, this vulnerability must be addressed with the highest priority. Apply the vendor-provided security patches immediately to mitigate the risk of a complete server takeover.