Zoho ManageEngine OpManager 漏洞列表

共找到 2 个与 Zoho ManageEngine OpManager 相关的漏洞

📅 加载漏洞趋势中...

CVE-2018-17283: Zoho ManageEngine OpManager - SQL Injection POC

日期: 2025-08-01 | 影响软件: Zoho ManageEngine OpManager

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter.
CVE-2020-12116: Zoho ManageEngine OpManger - Arbitrary File Read POC

日期: 2025-08-01 | 影响软件: Zoho ManageEngine OpManager

Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request.