Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-04T20:00:00

Updated: 2024-08-05T19:20:40.278Z

Reserved: 2017-09-04T00:00:00

Link: CVE-2017-14123

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-09-04T20:29:00.197

Modified: 2024-11-21T03:12:11.170

Link: CVE-2017-14123

cve-icon Redhat

No data.