Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and previous versions, Social IT Plus 11.0, and IT360 10.3, 10.4, and previous versions allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zohocorp manageengine opmanager |
||
zohocorp manageengine it360 |
||
zohocorp manageengine it360 10.3.0 |
||
zohocorp manageengine social it plus 11.0 |