Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-12-04T17:00:00
Updated: 2024-08-06T12:03:02.352Z
Reserved: 2014-09-01T00:00:00
Link: CVE-2014-6036
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-12-04T17:59:04.673
Modified: 2024-11-21T02:13:38.467
Link: CVE-2014-6036
Redhat
No data.