CVE-2015-5149

2015-06-3014:00:00

mitre

www.cve.org

AI Score

6.4

Confidence

Low

EPSS

0.01

Percentile

83.7%

JSON

Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a … (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.

References

packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html

www.securityfocus.com/bid/75512

www.vulnerability-lab.com/get_content.php?id=1501

www.exploit-db.com/exploits/37322/