← back
CVE-2014-100002

CVE-2014-100002

EPSS 59.9%
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/31262unverifiedexploitdbwww.exploit-db.com/exploits/31262unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/show/osvdb/102656https://exchange.xforce.ibmcloud.com/vulnerabilities/90806https://supportcenter.wiki.zoho.com/ReadMe-V2.htmlhttp://www.exploit-db.com/exploits/31262