Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZOHO ManageEngine EventLog Analyzer 路径遍历漏洞
Vulnerability Description
ZOHO ManageEngine EventLog Analyzer是美国卓豪(ZOHO)公司的一套系统、事件日志分析软件。该软件能够对全网范围内的主机、服务器、网络设备以及各种应用服务系统等产生的日志,进行全面收集和细致分析。 ZOHO ManageEngine EventLog Analyzer 9.0 build 9002版本和8.2 build 8020版本的agentUpload servlet中存在路径遍历漏洞,该漏洞源于程序解压文件时以不安全的方式处理文件名。远程攻击者可借助特制的压缩文件
CVSS Information
N/A
Vulnerability Type
N/A