3 matches found
CVE-2019-11678
The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...
CVE-2019-11678
The CVE-2019-11678 entry concerns Zoho ManageEngine Firewall Analyzer. The issue is a SQL Injection vulnerability in the product’s default reports feature, affecting versions prior to 12.3 Build 123218. Root cause is not elaborated beyond the SQL Injection vector in the affected feature. Impact i...
Unrestricted file upload
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by...