CVE-2011-2757
CVE-2011-2757
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.
Affected products
n/a · n/apublic PoCs found — 4
cve_referencewww.exploit-db.com/exploits/17503/unverifiedexploitdbwww.exploit-db.com/exploits/17503unverifiedexploitdbwww.exploit-db.com/exploits/17437unverifiedexploitdbwww.exploit-db.com/exploits/17442unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →