CVE-2014-100002

Zohocorp Manageengine Supportcenter Plus < 7.9 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.

Exploits (2)

metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/support_center_plus_directory_traversal.rb
exploitdb WORKING POC
by xistence · textwebappsphp
https://www.exploit-db.com/exploits/31262

References (4)

Scores

EPSS 0.7704
EPSS Percentile 98.9%

Classification

CWE
CWE-22
Status draft

Affected Products (1)

zohocorp/manageengine_supportcenter_plus < 7.9

Timeline

Published Jan 13, 2015
Tracked Since Feb 18, 2026