Desktop Central Security Vulnerabilities
SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT3...
8.1AI Score
0.935EPSS
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
9.8CVSS
9.6AI Score
0.966EPSS
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations.
9.8CVSS
9.7AI Score
0.007EPSS
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.cs...
6.1CVSS
6.3AI Score
0.005EPSS
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pd...
6.1CVSS
6.3AI Score
0.005EPSS
A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP re...
8.8CVSS
8.3AI Score
0.004EPSS