Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a … (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.
CPE | Name | Operator | Version |
---|---|---|---|
servicedesk_plus | eq | 7.6 | |
servicedesk_plus | le | 8.0.0.12 | |
servicedesk_plus | eq | 7.0.0 | |
servicedesk_plus | eq | 8.0 |