Unrated severityNVD Advisory· Published Jan 13, 2015· Updated May 6, 2026

CVE-2014-100002

Description

Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.

Affected products

Zohocorp/Manageengine Supportcenter Plus
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:7916:*:*:*:*:*:*
Range: <=7.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/31262nvdExploit
osvdb.org/show/osvdb/102656nvd
exchange.xforce.ibmcloud.com/vulnerabilities/90806nvd
supportcenter.wiki.zoho.com/ReadMe-V2.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.063
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000