Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2013-7390

🗓️ 27 Jan 2020 17:33:26Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 59 Views🌐 WEB

Unrestricted file upload vulnerability in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote code execution

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today		ManageEngine Desktop Central - Arbitrary File Upload / RCE Vulnerabilities
1 Sep 201400:00
zdt
Circl		CVE-2013-7390
25 Nov 201300:00
circl
Cvelist		CVE-2013-7390
27 Jan 202017:33
cvelist
exploitpack		ManageEngine Desktop Central - Arbitrary File Upload Remote Code Execution
1 Sep 201400:00
exploitpack
Tenable Nessus		ManageEngine Desktop Central AgentLogUploadServlet Arbitrary File Upload RCE (intrusive check)
4 Dec 201300:00
nessus
Tenable Nessus		ManageEngine Desktop Central AgentLogUploadServlet Arbitrary File Upload
4 Dec 201300:00
nessus
Metasploit		ManageEngine Desktop Central AgentLogUpload Arbitrary File Upload
18 Nov 201303:11
metasploit
NVD		CVE-2013-7390
27 Jan 202018:15
nvd
OpenVAS		ManageEngine Desktop Central < 8.0.293 Arbitrary File Upload Vulnerability
20 Nov 201300:00
openvas
Packet Storm		ManageEngine Desktop Central Remote Shell Upload
31 Aug 201400:00
packetstorm
Rows per page
NVD
Node
zohocorpmanageengine_desktop_centralRange7.0.08.0.0
ParameterPositionPathDescriptionCWE
actionToCallquery paramstatusUpdateUnrestricted file upload via statusUpdate leads to remote code execution by uploading a JSP shell.CWE-434
customerIdquery paramstatusUpdateUnrestricted file upload via statusUpdate leads to remote code execution by uploading a JSP shell.CWE-434
fileNamequery paramstatusUpdateUnrestricted file upload via statusUpdate leads to remote code execution by uploading a JSP shell.CWE-434
configDataIDquery paramstatusUpdateUnrestricted file upload via statusUpdate leads to remote code execution by uploading a JSP shell.CWE-434
filenamequery parammdm/mdmLogUploaderUnrestricted file upload via mdmLogUploader allows uploading a JSP shell through the filename parameter.CWE-434
computerNamequery paramagentLogUploaderUnrestricted file upload via agentLogUploader with filename and identifiers enables uploading a JSP shell.CWE-434
domainNamequery paramagentLogUploaderUnrestricted file upload via agentLogUploader with filename and identifiers enables uploading a JSP shell.CWE-434
customerIdquery paramagentLogUploaderUnrestricted file upload via agentLogUploader with filename and identifiers enables uploading a JSP shell.CWE-434
filenamequery paramagentLogUploaderUnrestricted file upload via agentLogUploader with filename and identifiers enables uploading a JSP shell.CWE-434

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 02:00Current
9.6High risk
Vulners AI Score9.6
CVSS 27.5
CVSS 3.19.8
EPSS0.6678
CWE-434
cve-2013-7390unrestricted file uploadmanageengine desktopcentralremote code executionsecurity vulnerability
59