Zoho ManageEngine OpManager 12.3 Arbitrary File Upload

CVE: CVE-2018-18475
Category: CWE-434
Price: $3,000
Severity: High
Author: Rahul Pratap Singh
Risk: High
Exploitation Type: Remote
Date: 2018-10-20
CPE: cpe:cpe:/a:zoho:manageengine_opmanager:12.3
CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.26465
EPSSP: 0.4194

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018100174

Below is a copy:

Zoho ManageEngine OpManager 12.3 Arbitrary File Upload
I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 allows Unrestricted Arbitrary File Upload

II. CVE REFERENCE
-------------------------
CVE-2018-18475

III. VENDOR
-------------------------
https://www.manageengine.com

IV. TIMELINE
-------------------------
19/09/18 Vulnerability discovered
19/09/18 Vendor contacted
16/10/2018 OpManager replied that they fixed it

V. CREDIT
-------------------------
Murat Aydemir and Hakan Bayir at Biznet Bilisim A.S.

VI. DESCRIPTION
-------------------------
The ManageEngine OpManager product (version 12.3) allows
arbitrary/unrestricted file upload. Successful exploitation of this
issue could allow remote code execution on the target host.

VII. REMEDIATION
-------------------------
It is recommended to update to the latest version of OpManager. The
issue is fixed in version 12.3, Build No 123214.

Copyright ©2024 Exploitalert.
