Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2013-7390

Published: 27/01/2020 Updated: 05/02/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 765
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Zohocorp

Vulnerability Summary

Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote malicious users to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zohocorp manageengine desktop central

Exploits

Exploit DB: ManageEngine Desktop Central Remote Shell Upload
ManageEngine Desktop Central suffers from code execution and remote shell upload vulnerabilities ...
Exploit DB: ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution
Arbitrary file upload / remote code execution in ManageEngine Desktop Central / Desktop Central MSP Discovered by Pedro Ribeiro (pedrib@gmailcom), Agile Information Security ================================================================================= Background on the affected product: "Desktop Central is an integrated desktop & mobile d ...
Exploit DB: ManageEngine Desktop Central 8.0.0 build < 80293 - Arbitrary File Upload
( , ) (, `' ) (' ', ) , (' ( ) ( (_,) `), ) _ _, / _____/ / _ \ ____ ____ _____ \____ \==/ /_\ \ _/ ___\/ _ \ / \ / \/ | \\ \__( &lt;_&gt; ) Y Y \ /______ /\___|__ / \___ &gt;____/|__|_| / \/ \/- \/ \/:wq (x0) ...
Exploit DB: DesktopCentral AgentLogUpload - Arbitrary File Upload (Metasploit)
## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 &lt; Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initial ...

References

CWE-434http://seclists.org/fulldisclosure/2013/Nov/130https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/desktopcentral_file_upload.rbhttps://nvd.nist.govhttps://packetstormsecurity.com/files/128108/ManageEngine-Desktop-Central-Remote-Shell-Upload.htmlhttps://www.exploit-db.com/exploits/34518/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28254CVE-2024-32515CVE-2024-21338validationCVE-2024-32522dosCVE-2024-2101CVE-2024-21107elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook