CVE-2011-2757

ManageEngine ServiceDesk Plus <= 8.0.0.12 - Path Traversal via FileDownload.jsp FILENAME Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2011-2757. PoCs published by xistence, Keith Lee, @ygoltsev, including Metasploit module auxiliary/scanner/http/servicedesk_plus_traversal.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in ManageEngine Support Center Plus 7.8 build <= 7801, allowing unauthenticated attackers to read arbitrary files on the server, including sensitive files like /etc/shadow or database files.

Description

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.

Exploits (4)

exploitdb WORKING POC VERIFIED
by xistence · textwebappsjsp
https://www.exploit-db.com/exploits/17442

This exploit demonstrates a directory traversal vulnerability in ManageEngine Support Center Plus 7.8 build <= 7801, allowing unauthenticated attackers to read arbitrary files on the server, including sensitive files like /etc/shadow or database files.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ManageEngine Support Center Plus 7.8 build <= 7801
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Keith Lee · textwebappsjsp
https://www.exploit-db.com/exploits/17437

This is a writeup describing a directory traversal vulnerability in ManageEngine ServiceDesk Plus 8.0. The vulnerability allows attackers to access local files by manipulating file paths with '../' sequences.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ManageEngine ServiceDesk Plus 8.0
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by @ygoltsev · perlwebappsjsp
https://www.exploit-db.com/exploits/17503

This Perl script exploits a directory traversal vulnerability in ManageEngine ServiceDesk <= 8.0.0.12 to disclose database backup files. It retrieves server logs to locate backup paths and constructs URLs to download them.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: ManageEngine ServiceDesk <= 8.0.0.12
No auth needed
Prerequisites: Network access to the target server · ServiceDesk running on Windows
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/servicedesk_plus_traversal.rb

This Metasploit module exploits an unauthenticated path traversal vulnerability in ManageEngine ServiceDesk Plus (CVE-2011-2757) to retrieve arbitrary files from the filesystem. It sends a crafted HTTP GET request to 'FileDownload.jsp' with traversal sequences to access files outside the intended directory.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ManageEngine ServiceDesk Plus build 9110 and lower
No auth needed
Prerequisites: Network access to the target service · ServiceDesk Plus running on port 8080 (default)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17503/

Scores

EPSS 0.6649
EPSS Percentile 98.6%

Details

CWE
CWE-22
Status published
Products (4)
manageengine/servicedesk_plus 7.0.0
manageengine/servicedesk_plus 7.6
manageengine/servicedesk_plus 8.0
manageengine/servicedesk_plus < 8.0.0.12
Published Jul 17, 2011
Tracked Since Feb 18, 2026