ZOHO ManageEngine SupportCenter Plus 操作系统命令注入漏洞

ZOHO ManageEngine SupportCenter Plus is a Web-based customer support software from ZOHO, Inc. It is used to allow organizations to efficiently manage customer requests, their account and contact information, service contracts, and provide an exceptional customer experience in the process. A...

PT-2023-18835 · Unknown · Supportcenter Plus

Name of the Vulnerable Software and Affected Versions: Support Center Plus version 11 Description: The issue is an OS Command injection vulnerability in Support Center Plus via Executor in Action when creating new schedules. Recommendations: For Support Center Plus version 11, consider disabling...

CVE-2023-23076

OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules...

CVE-2023-23076

CVE-2023-23076 affects ManageEngine SupportCenter Plus 11, where an OS command injection via the Executor in Action when creating new schedules allows unauthenticated or network-based exploitation (cvss3.1: 9.8). For affected versions, multiple sources indicate remediation through upgrading to Su...