Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
References
Configurations
Information
Published : 2014-10-21 08:55
Updated : 2020-01-17 14:15
NVD link : CVE-2014-5005
Mitre link : CVE-2014-5005
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
zohocorp
- manageengine_desktop_central