Arbitrary File Upload Vulnerability in ZOHO ManageEngine OpManager 12.2

Arbitrary File Upload Vulnerability in ZOHO ManageEngine OpManager 12.2

CVE-2017-11561 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.

Learn more about our Web App Pen Testing.