CVE-2017-14123

EUVD-2017-5635
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
zohocorpmanageengine_firewall_analyzer
12.2:12200
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blogs.securiteam.com/index.php/archives/3228
https://pitstop.manageengine.com/portal/kb/articles/latest-consolidated-patch
https://blogs.securiteam.com/index.php/archives/3228
https://pitstop.manageengine.com/portal/kb/articles/latest-consolidated-patch