Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zoho ManageEngine Firewall Analyzer Group Chat 代码问题漏洞
Vulnerability Description
Zoho ManageEngine Firewall Analyzer是美国卓豪(ZOHO)公司的一套基于Web的防火墙日志分析工具,它能收集、关联分析和汇报整个企业范围内的防火墙、proxy伺服器和Radius伺服器上的日志。Group Chat是其中的一个团队交流工具。 Zoho ManageEngine Firewall Analyzer 12200版本中的Group Chat存在任意文件上传漏洞。攻击者可通过上传PHP文件利用该漏洞执行文件。
CVSS Information
N/A
Vulnerability Type
N/A