CVE-2014-100002

ManageEngine SupportCenter Plus < 7.9 - Path Traversal via WorkOrder.do Attach Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-100002. PoCs published by xistence, including Metasploit module auxiliary/scanner/http/support_center_plus_directory_traversal.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in ManageEngine Support Center Plus 7916 and lower. By manipulating the attachment parameter in a POST request, an attacker can read arbitrary files on the server with the privileges of the application (often SYSTEM on Windows or root on Linux).

Description

Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.

Exploits (2)

exploitdb WORKING POC
by xistence · textwebappsphp
https://www.exploit-db.com/exploits/31262

This exploit demonstrates a directory traversal vulnerability in ManageEngine Support Center Plus 7916 and lower. By manipulating the attachment parameter in a POST request, an attacker can read arbitrary files on the server with the privileges of the application (often SYSTEM on Windows or root on Linux).

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ManageEngine Support Center Plus <= 7916
No auth needed
Prerequisites: Network access to the target application · Ability to send crafted POST requests
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/support_center_plus_directory_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in ManageEngine Support Center Plus (build 7916 and lower) to retrieve arbitrary files from the server filesystem. It authenticates as a user, creates a support ticket with a malicious file attachment path, and then downloads the file using the generated file ID and auth key.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: ManageEngine Support Center Plus (build 7916 and lower)
Auth required
Prerequisites: Valid credentials for Support Center Plus · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90806
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/31262
Various Sources x_refsource_confirm
https://supportcenter.wiki.zoho.com/ReadMe-V2.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/102656

Scores

EPSS 0.5986
EPSS Percentile 99.0%

Details

CWE
CWE-22
Status published
Products (1)
zohocorp/manageengine_supportcenter_plus < 7.9
Published Jan 13, 2015
Tracked Since Feb 18, 2026