Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-09-04T20:00:00
Updated: 2024-08-05T19:20:40.278Z
Reserved: 2017-09-04T00:00:00
Link: CVE-2017-14123
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-09-04T20:29:00.197
Modified: 2024-11-21T03:12:11.170
Link: CVE-2017-14123
Redhat
No data.