This Metasploit module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. Valid credentials for a ZenTao admin account are required. This module has been successfully tested against ZenTao 8.8.1 and 8.8.2 running on Windows 10 (XAMPP server).
191b945627084957824fcc0caf7eb0edfafb74b14433e38de0cb21c995667b52
ZenTao Pro version 8.8.2 suffers from a remote command injection vulnerability.
88047021ac7e39af78404eaf3bc03d029ca987e039a286560260a125bbf65e1f