CVE-2014-5006

🗓️ 21 Oct 2014 15:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 82 Views🌐 WEB

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central allows remote code execution.

Reporter	Title	Published	Views	Family All 13
0day.today	ManageEngine Desktop Central - Arbitrary File Upload / RCE Vulnerabilities	1 Sep 201400:00	–	zdt
Circl	CVE-2014-5006	9 Sep 201400:00	–	circl
Check Point Advisories	ManageEngine Desktop Central mdmLogUploader Directory Traversal (CVE-2014-5006)	14 Oct 201400:00	–	checkpoint_advisories
Cvelist	CVE-2014-5006	21 Oct 201415:00	–	cvelist
Exploit DB	ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution	1 Sep 201400:00	–	exploitdb
exploitpack	ManageEngine Desktop Central - Arbitrary File Upload Remote Code Execution	1 Sep 201400:00	–	exploitpack
Tenable Nessus	ManageEngine Desktop Central Arbitrary File Upload and RCE (Safe Check)	25 Mar 201500:00	–	nessus
NVD	CVE-2014-5006	21 Oct 201415:55	–	nvd
OpenVAS	Multiple ManageEngine Products 7.0 - 9.0.054 Arbitrary File Upload Vulnerability	9 Sep 201400:00	–	openvas
Packet Storm	ManageEngine Desktop Central Remote Shell Upload	31 Aug 201400:00	–	packetstorm

NVD

Node

Source	Link
seclists	www.seclists.org/fulldisclosure/2014/Aug/88
manageengine	www.manageengine.com/products/desktop-central/remote-code-execution.html
raw	www.raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc9_file_upload.txt
osvdb	www.osvdb.org/show/osvdb/110644
exploit-db	www.exploit-db.com/exploits/34594

Parameter	Position	Path	Description	CWE
filename	query param	mdm/mdmLogUploader	Directory traversal/file upload vulnerability returning shell via mdmLogUploader endpoint	CWE-22
fileName	query param	statusUpdate	Directory traversal vulnerability via statusUpdate endpoint using fileName parameter	CWE-22
filename	query param	agentLogUploader	Remote code execution via file upload using filename parameter on agentLogUploader	CWE-22

06 May 2026 22:30Current

9.5High risk

Vulners AI Score9.5

CVSS 27.5

EPSS0.55899