Directory Traversal Vulnerability in ManageEngine SupportCenter Plus by Zoho
CVE-2015-5149

Currently unrated

Key Information:

Vendor

Zohocorp
Status
Manageengine Supportcenter Plus
Vendor
CVE Published:
30 June 2015

What is CVE-2015-5149?

A directory traversal vulnerability exists in Zoho's ManageEngine SupportCenter Plus version 7.90, allowing remote authenticated users to write arbitrary files. This issue arises when user input is not properly sanitized, particularly in the component parameter of the Request component in workorder/Attachment.jsp, where '..' sequences can be exploited to traverse directories and potentially overwrite sensitive files.

References

https://www.exploit-db.com/exploits/37322/
exploitx_refsource_EXPLOIT-DB
http://packetstormsecurity.com/files/132376/ManageEngine-...
x_refsource_MISC
http://www.vulnerability-lab.com/get_content.php?id=1501
x_refsource_MISC

EPSS Score

42% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.