ManageEngine OpManager 漏洞列表

共找到 3 个与 ManageEngine OpManager 相关的漏洞

📅 加载漏洞趋势中...

CVE-2018-17283: Zoho ManageEngine OpManager - SQL Injection POC

日期: 2025-08-01 | 影响软件: Zoho ManageEngine OpManager

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter.
CVE-2020-12116: Zoho ManageEngine OpManger - Arbitrary File Read POC

日期: 2025-08-01 | 影响软件: Zoho ManageEngine OpManager

Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request.
CVE-2023-47211: ManageEngine OpManager - Directory Traversal POC

日期: 2025-08-01 | 影响软件: ManageEngine OpManager

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.