Lucene search
+L

CVE-2015-2994

🗓️ 08 Jun 2015 14:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 57 Views🌐 WEB

Unrestricted file upload in SysAid Help Desk before 15.2 allows remote code execution

Related
Detection
Refs
Paths
NVD
Node
sysaidsysaidRange15.1
ParameterPositionPathDescriptionCWE
activationrequest bodysysaid/ChangePhoto.jspAuthenticated file upload via ChangePhoto.jsp leading to remote code execution (CVE-2015-2994).
rdsNamerequest bodysysaid/rdslogsDirectory traversal during log submission enabling remote payloads (CVE-2015-2995).
fileNamequery paramsysaid/getGfiUpgradeFileArbitrary file download via traversal in getGfiUpgradeFile (CVE-2015-2996).
accountIdquery paramsysaid/getAgentLogFilePath disclosure via agent log file retrieval (CVE-2015-2997).
computerIdquery paramsysaid/getAgentLogFilePath disclosure via agent log file retrieval (CVE-2015-2997).
groupFilterrequest bodysysaid/genericreportSQL injection in genericreport (CVE-2015-2999) with multiple payloads depending on reportName.
customSQLrequest bodysysaid/genericreportSQL injection in genericreport (CVE-2015-2999) with multiple payloads depending on reportName.
dirquery paramsysaid/HelpDesk.jspSQL injection via dir parameter in HelpDesk.jsp (CVE-2015-2999).
ganttSQLrequest bodysysaid/RFCGantt.jspSQL injection via ganttSQL in RFCGantt.jsp (CVE-2015-2999).
fileNamequery paramsysaid/calculateRdsFileChecksumDenial of service via calculating checksum (CVE-2015-2996).
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 00:25Current
7.6High risk
Vulners AI Score7.6
CVSS 26.5
EPSS0.49791
57