Directory traversal

2022-08-1520:15:00

PRIOn knowledge base

www.prio-n.com

directory traversal

zdbqarefsubdir parameter

zoho manageengine analytics plus

remote attackers

arbitrary code

nvd

9.4 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.3%

JSON

Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.

CPENameOperatorVersion
manageengine_analytics_pluseq2.9 build2907
manageengine_analytics_pluseq2.9 build2906
manageengine_analytics_pluseq2.9 build2905
manageengine_analytics_pluseq2.9 build2904
manageengine_analytics_pluseq2.9 build2903
manageengine_analytics_pluseq2.9 build2902
manageengine_analytics_pluseq2.9 build2901
manageengine_analytics_pluseq2.9 build2900
manageengine_analytics_pluseq3.0 build3050
manageengine_analytics_pluseq3.0 build3040

Name	Operator	Version
manageengine_analytics_plus	eq	2.9 build2907
manageengine_analytics_plus	eq	2.9 build2906
manageengine_analytics_plus	eq	2.9 build2905
manageengine_analytics_plus	eq	2.9 build2904
manageengine_analytics_plus	eq	2.9 build2903
manageengine_analytics_plus	eq	2.9 build2902
manageengine_analytics_plus	eq	2.9 build2901
manageengine_analytics_plus	eq	2.9 build2900
manageengine_analytics_plus	eq	3.0 build3050
manageengine_analytics_plus	eq	3.0 build3040