Podatność CVE-2014-7866

Podatność CVE-2014-7866

Publikacja: 2014-12-10

Opis:

	Tytuł	Autor	Data
High	ManageEngine OpManager / Social IT Plus / IT360 File Upload / SQL Injection	Pedro Ribeiro	11.11.2014
Med.	ManageEngine OpManager / Social IT Plus / IT360 Multiple Vulnerabilities	Agile	26.01.2018

Typ:

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

Ogólna skala CVSS	Znaczenie	Łatwość wykorzystania
7.5/10	6.4/10	10/10

Affected software
Zohocorp -> Manageengine it360
Zohocorp -> Manageengine opmanager
Zohocorp -> Manageengine social it plus

http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html

http://seclists.org/fulldisclosure/2014/Nov/21

http://www.securityfocus.com/archive/1/533946/100/0/threaded

https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt

https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability