File Upload Vulnerability in ManageEngine Desktop Central by Zoho
CVE-2015-8249
9.8CRITICAL
Summary
The FileUploadServlet in ManageEngine Desktop Central 9 versions prior to build 91093 contains a vulnerability that permits remote attackers to upload and execute arbitrary files through manipulation of the ConnectionId parameter. This flaw can be exploited to gain unauthorized access and control over the affected system, leading to potential data breaches and system compromises.
References
EPSS Score
96% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved