cve/2017/CVE-2017-11561.md

### [CVE-2017-11561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11561)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.

### POC

#### Reference
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2017-11561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11561)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.`

			`### POC`

			`#### Reference`
			`- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736`

			`#### Github`
			`No PoCs found on GitHub currently.`