Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZOHO ManageEngine DataSecurity Plus DataEngine Xnode Server应用程序路径遍历漏洞
Vulnerability Description
ZOHO ManageEngine DataSecurity Plus是美国卓豪(ZOHO)公司的一套敏感数据管理解决方案。该产品具有数据防泄漏、数据风险评估和文件服务器审核等功能。 Zoho ManageEngine DataSecurity Plus 6.0.1之前版本中的DataEngine Xnode Server应用程序存在安全漏洞,该漏洞源于程序在处理DR-SCHEMA-SYNC请求时没有验证数据库架构(schema)名称。攻击者可通过目录遍历将JSP文件写入webroot目录利用该漏洞在产品
CVSS Information
N/A
Vulnerability Type
N/A