CVE-2017-11561: Malicious File Upload
First published: Thu May 23 2019(Updated: )
An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Opmanager | =12.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2017-11561.
What is the severity of CVE-2017-11561?
The severity of CVE-2017-11561 is medium with a severity value of 6.5.
What software is affected by CVE-2017-11561?
ZOHO ManageEngine OpManager version 12.2 is affected by CVE-2017-11561.
What is the impact of CVE-2017-11561?
A malicious user can upload a web shell by abusing the file upload functionality in the "Group Chat" or "Alarm" section of ZOHO ManageEngine OpManager.
Is there a fix available for CVE-2017-11561?
A fix for CVE-2017-11561 is not specified in the provided information, please refer to the vendor's website for any available patches or updates.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- vendor/zohocorp
- canonical/zohocorp manageengine opmanager
- version/zohocorp manageengine opmanager/12.2