Directory Traversal Vulnerabilities in ZOHO ManageEngine OpManager, IT360, and Social IT Plus
CVE-2014-7866

Currently unrated

Key Information:

Vendor

Zohocorp
Status
Manageengine Social It Plus
Vendor
CVE Published:
10 December 2014

What is CVE-2014-7866?

Multiple vulnerabilities in ZOHO ManageEngine OpManager, IT360, and Social IT Plus allow remote attackers or authenticated users to exploit directory traversal flaws. By manipulating the fileName and zipFileName parameters, an attacker could write and execute arbitrary files, potentially leading to remote code execution. These vulnerabilities pose significant risks, as they enable unauthorized file access and manipulation, which can compromise the integrity and confidentiality of the systems affected.

References

http://seclists.org/fulldisclosure/2014/Nov/21
mailing-listx_refsource_FULLDISC
https://raw.githubusercontent.com/pedrib/PoC/master/Manag...
x_refsource_MISC
http://www.securityfocus.com/archive/1/533946/100/0/threaded
mailing-listx_refsource_BUGTRAQ

EPSS Score

82% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.