Lucene search
MitreCVELIST:CVE-2020-11531HistoryMay 08, 2020 - 8:01 p.m.
CVE-2020-11531
2020-05-0820:01:36
mitre
www.cve.org
7
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal.
Related
nvd
nvd
CVE-2020-11531
2020-05-08 21:15:12
packetstorm
packetstorm
ManageEngine DataSecurity Plus Path Traversal / Code Execution
2020-05-08 00:00:00
cve
cve
CVE-2020-11531
2020-05-08 21:15:12
checkpoint_advisories
checkpoint_advisories
Zoho ManageEngine DataSecurity Plus Directory Traversal (CVE-2020-11531)
2020-06-05 00:00:00
prion
prion
Directory traversal
2020-05-08 21:15:00
zdt
zdt