Unrated severityNVD Advisory· Published Jan 17, 2020· Updated Aug 6, 2024
CVE-2014-5007
CVE-2014-5007
Description
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- ZOHO ManageEngine/Desktop Central Managed Service Providers (MSP) editiondescription
- Range: <9 build 90055
Patches
Vulnerability mechanics
References
2- seclists.org/fulldisclosure/2014/Aug/88mitrex_refsource_MISC
- www.manageengine.com/products/desktop-central/remote-code-execution.htmlmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.