Zoho ManageEngine ADManager Plus路径遍历漏洞

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and help desk technicians with day-to-day administrative tasks such as bulk management of user accounts and AD objects, assigning role-based access rights to help desk technicians, etc. A path traversal vulnerability exists in Zoho ManageEngine ADManager Plus versions 7110 and earlier, which is caused by a network system or product that fails to properly The vulnerability stems from the failure of a network system or product to properly filter special elements in a resource or file path, which can be exploited by an attacker to copy files from one directory to another.