Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
manageengine servicedesk plus |
||
manageengine servicedesk plus 7.6 |
||
manageengine servicedesk plus 8.0 |
||
manageengine servicedesk plus 7.0.0 |