CVE-2018-12999

CVE-2018-12999

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI.

Source: CVE-2018-12999

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다