PT-2017-13266 · Zoho · Zoho Manageengine Firewall Analyzer

Published

2017-09-04

·

Updated

2020-10-01

·

CVE-2017-14123

CVSS v2.0

9.0

High

Vector AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Firewall Analyzer version 12200
Description The issue is an unrestricted file upload vulnerability in the "Group Chat" section: the application accepts files with any extension from any authenticated user and stores them under a web-served path. Because the product runs on a Java servlet container, an attacker who uploads a JSP file can then request it and have it executed in the server context, as demonstrated by the "/itplus/FileStorage/302/shell.jsp" endpoint.
Recommendations For Zoho ManageEngine Firewall Analyzer version 12200, disable the file upload feature in the "Group Chat" section until a patch is available. Restrict access to the /itplus/FileStorage/ path so that already-uploaded files cannot be requested and executed, and review that directory for files with server-executable extensions such as .jsp. Since exploitation requires an authenticated account (CVSS Au:S), limit Group Chat access to trusted users and monitor for uploads of executable file types.
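The following Python is an added example, not code from this page or from ManageEngine. It shows the two controls a fix for this bug class needs: a server-side filename allowlist that rejects anything a servlet container would execute (including double extensions such as shell.jsp.png) and strips traversal components, and a detector that flags requests for executable files under /itplus/FileStorage/ in web-server access logs. The allowlist contents, the client addresses and the sample log lines are constructed; the storage path is the one named in the description.

```python
"""Upload allowlisting and web-shell request detection (added example).

Both halves address the bug class on this page: a server-side filename
check a fixed upload handler would apply, and a log scan that flags
requests for executable files under the chat storage path.
"""
import os
import posixpath
import re
from typing import Dict, Iterable, List

# Constructed allowlist: the types a chat attachment feature plausibly needs.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".txt"}

# Extensions a Java servlet container will execute when requested. Any of
# these under a web-served directory is a web shell waiting to be called.
EXECUTABLE_EXTENSIONS = {".jsp", ".jspx", ".jsw", ".jsv", ".jspf", ".war", ".class"}

# Storage path taken from the advisory's demonstrated endpoint.
STORAGE_PREFIX = "/itplus/FileStorage/"


def sanitize_upload_name(filename: str) -> str:
    """Return a safe basename for an uploaded file or raise ValueError.

    Rejects null bytes, directory components (traversal), any dot-separated
    part that the container would execute (catches shell.jsp.png as well as
    shell.jsp), extensions outside the allowlist, and odd characters in the
    stem. The vulnerable handler performed none of these checks.
    """
    if "\x00" in filename:
        raise ValueError("null byte in filename")
    base = posixpath.basename(filename.replace("\\", "/"))
    if base in ("", ".", ".."):
        raise ValueError("empty or traversal-only filename")
    stem, ext = os.path.splitext(base)
    ext = ext.lower()
    for part in base.split(".")[1:]:
        if "." + part.lower() in EXECUTABLE_EXTENSIONS:
            raise ValueError("server-executable extension rejected: " + base)
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not in allowlist: " + repr(ext))
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", stem):
        raise ValueError("unsafe characters in filename stem: " + repr(stem))
    return stem + ext


def is_safe_upload_name(filename: str) -> bool:
    """Boolean wrapper around sanitize_upload_name for quick policy checks."""
    try:
        sanitize_upload_name(filename)
    except ValueError:
        return False
    return True


# Constructed combined-format access log lines for the demo; the client
# addresses and the index.do request are invented, the storage path is the
# one the advisory names.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [04/Sep/2017:10:12:09 +0000] "GET /itplus/FileStorage/302/shell.jsp?cmd=id HTTP/1.1" 200 2048
10.0.0.7 - - [04/Sep/2017:10:15:30 +0000] "GET /itplus/FileStorage/302/diagram.png HTTP/1.1" 200 34011
10.0.0.5 - - [04/Sep/2017:10:16:02 +0000] "GET /itplus/FileStorage/302/Shell.JSPX HTTP/1.1" 200 1900
10.0.0.9 - - [04/Sep/2017:10:17:44 +0000] "GET /itplus/FileStorage/../FileStorage/302/cmd.jsp HTTP/1.1" 404 0
10.0.0.9 - - [04/Sep/2017:10:18:00 +0000] "GET /itplus/index.do HTTP/1.1" 200 7700
this line is not an access log record and is skipped
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def find_webshell_requests(log_lines: Iterable[str]) -> List[Dict[str, object]]:
    """Flag requests for server-executable files under STORAGE_PREFIX.

    The query string is dropped and the path is normalised before the
    extension check, so ../ segments and mixed case do not evade it.
    A 404 still counts: it shows someone probing for a shell.
    """
    hits: List[Dict[str, object]] = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = posixpath.normpath(m.group("path").split("?", 1)[0])
        if not path.startswith(STORAGE_PREFIX):
            continue
        if os.path.splitext(path)[1].lower() in EXECUTABLE_EXTENSIONS:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "path": path, "status": int(m.group("status"))})
    return hits


if __name__ == "__main__":
    for name in ("report.pdf", "shell.jsp", "shell.jsp.png", "../../cmd.jspx"):
        print(f"{name!r:20} -> {'accept' if is_safe_upload_name(name) else 'reject'}")
    for hit in find_webshell_requests(SAMPLE_ACCESS_LOG.splitlines()):
        print(hit)
```

The allowlist is the part that actually closes the hole; the log scan is a compensating control for instances that already run the vulnerable build, and it is deliberately noisy in the right direction: any request for a .jsp under the storage path is worth a look, whether or not it succeeded.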

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2017-14123

Affected Products

Zoho Manageengine Firewall Analyzer