Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-12-04T17:00:00

Updated: 2024-08-06T12:03:02.352Z

Reserved: 2014-09-01T00:00:00

Link: CVE-2014-6036

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-12-04T17:59:04.673

Modified: 2024-11-21T02:13:38.467

Link: CVE-2014-6036

cve-icon Redhat

No data.