{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "16.4"
              },
              {
                "fixed": "18.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "18.0-beta1"
              }
            ]
          },
          "events": [
            {
              "introduced": "562b983c697d3553f33e4b2a225c6f21f003d230"
            },
            {
              "fixed": "41d8faab5bc42969a697466597265ad6f3172672"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "f4286ebdc08164ef17ecba64a8830f797101b52a"
            }
          ],
          "repo": "https://github.com/easysoft/zentaopms",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in as any user, an attacker can perform SQL injection by sending a specially crafted request to the importNotice function.",
  "id": "CVE-2022-47745",
  "modified": "2026-03-13T21:58:01.408284536Z",
  "published": "2023-01-19T18:15:15.133Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://github.com/easysoft/zentaopms/issues/106"
    },
    {
      "type": "EVIDENCE",
      "url": "https://github.com/l3s10n/ZenTaoPMS_SqlInjection"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}