CVE-2019-8925 (manageengine_netflow_analyzer)

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:boot.ini value.
Source: NIST
CVE-2019-8925 (manageengine_netflow_analyzer)