Path Traversal in Zohocorp Manageengine_desktop_central

CVE-2014-5006

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.559 (98.1th percentile) — read the EPSS interpretation.

Affected products

Zohocorp Manageengine_desktop_central
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

20140831 [The ManageOwnage Series, part III]: Multiple vulnerabilities / RCE in ManageEngine Desktop Central (mailing-list, Exploit, x_refsource_FULLDISC)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_MISC)
34594 (Exploit, exploit, x_refsource_EXPLOIT-DB)
110644 (x_refsource_OSVDB, vdb-entry)