Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions

Related Vulnerabilities: CVE-2019-12252  
Publish Date: 22 May 2019
Author: Vingroup
Source / Download Exploit 
                							

                # Exploit Title: Zoho ManageEngine ServiceDesk Plus &lt; 10.5 Incorrect Access Control
# Date: 2019-05-21
# Exploit Author: Enter of VinCSS (Vingroup)
# Vendor Homepage: https://www.manageengine.com/products/service-desk
# Version: Zoho ManageEngine ServiceDesk Plus &lt; 10.5
# CVE : CVE-2019-12252



In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the 

SDNotify.do?notifyModule=Solution&amp;mode=E-Mail&amp;notifyTo=SOLFORWARD&amp;id= substring

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started