Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.
CPE | Name | Operator | Version |
---|---|---|---|
manageengine_opstor | le | 8.3 |