Security Advisory

CVE-2017-14123

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-09-04 20:00:00

Last updated 2024-08-05 19:20:40

Assigner mitre

State PUBLISHED

Description

Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp.

← Browse all CVEs View on cve.org ↗