Zoho ManageEngine OpManager version 12.3 suffers from an arbitrary file upload vulnerability.
I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 allows Unrestricted Arbitrary File Upload
II. CVE REFERENCE
-------------------------
CVE-2018-18475
III. VENDOR
-------------------------
https://www.manageengine.com
IV. TIMELINE
-------------------------
19/09/18 Vulnerability discovered
19/09/18 Vendor contacted
16/10/2018 OpManager replied that they fixed it
V. CREDIT
-------------------------
Murat Aydemir and Hakan Bayir at Biznet Bilisim A.S.
VI. DESCRIPTION
-------------------------
The ManageEngine OpManager product (version 12.3) allows
arbitrary/unrestricted file upload. Successful exploitation of this
vulnerability could allow remote code execution on the target host.
VII. REMEDIATION
-------------------------
It is recommended to update to the latest version of OpManager. The
issue is fixed in version 12.3, Build No 123214.