VYPR
Unrated severityNVD Advisory· Published Jan 17, 2020· Updated Aug 6, 2024

CVE-2014-5007

CVE-2014-5007

Description

Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • ZOHO ManageEngine/Desktop Central Managed Service Providers (MSP) editiondescription
  • Range: <9 build 90055

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.