Critical severity9.8NVD Advisory· Published Sep 28, 2017· Updated Jun 17, 2026
CVE-2015-8249
CVE-2015-8249
Description
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:manageengine:desktop_central:9.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:manageengine:desktop_central:9.0:*:*:*:*:*:*:*
- (no CPE)range: <91093
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/134806/ManageEngine-Desktop-Central-9-FileUploadServlet-ConnectionId.htmlnvdExploitThird Party AdvisoryVDB Entry
- community.rapid7.com/community/infosec/blog/2015/12/14/r7-2015-22-manageengine-desktop-central-9-fileuploadservlet-connectionid-vulnerability-cve-2015-8249nvdExploitPatchTechnical DescriptionThird Party Advisory
- www.exploit-db.com/exploits/38982/nvdExploitThird Party AdvisoryVDB Entry
- www.rapid7.com/db/modules/exploit/windows/http/manageengine_connectionid_writenvdThird Party Advisory
News mentions
0No linked articles in our index yet.