An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-23T15:32:59

Updated: 2024-08-05T18:12:40.382Z

Reserved: 2017-07-22T00:00:00

Link: CVE-2017-11561

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-05-23T16:29:08.073

Modified: 2024-11-21T03:08:01.430

Link: CVE-2017-11561

cve-icon Redhat

No data.