An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server.

Source: CVE-2018-18980

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.