3 matches found
ManageEngine Desktop Central Remote Code Execution (CVE-2017-11346)
A remote Code Execution vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to insufficient check of parameter. By sending crafted request ,a remote attacker can place a file under a directory that allows server-side scripts to run...
ManageEngine Desktop Central 10 Build 100087 RCE(CVE-2017-11346)
Description: When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter using hasVulnerabilityInFileName function. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which...
CVE-2017-11346
This CVE affects ManageEngine Desktop Central, where the FileUploadServlet allows remote code execution due to insufficient validation of the user-supplied fileName parameter during file uploads (notably for HelpDesk_video and related actions). The vulnerability enables an attacker to place a mal...