CVE-2014-5007

CRITICAL

ManageEngine Desktop Central 7.0-9.0 - Path Traversal & Arbitrary File Write via AgentLogUploader

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2014-5007. PoCs published by Metasploit, Pedro Ribeiro, Security-Assessment.com.

AI-analyzed exploit summary This Metasploit module exploits an arbitrary file upload vulnerability in ManageEngine Desktop Central 8 (builds < 80293) to achieve remote code execution by uploading a malicious JSP file without authentication.

Description

Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/29812

View Code ZIP pw:eip

This Metasploit module exploits an arbitrary file upload vulnerability in ManageEngine Desktop Central 8 (builds < 80293) to achieve remote code execution by uploading a malicious JSP file without authentication.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ManageEngine Desktop Central 8 (builds < 80293)

No auth needed

Prerequisites: Network access to the target server on port 8020 · Target running a vulnerable version of Desktop Central

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Pedro Ribeiro · textwebappsjsp

https://www.exploit-db.com/exploits/34518

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated arbitrary file upload vulnerability in ManageEngine Desktop Central, allowing remote code execution as SYSTEM via JSP shell upload. The vulnerability (CVE-2014-5007) leverages path traversal in the agentLogUploader endpoint.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ManageEngine Desktop Central v7 to v9 build 90054

No auth needed

Prerequisites: valid computerName, domainName, and customerId

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Security-Assessment.com · textwebappsjsp

https://www.exploit-db.com/exploits/29674

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in ManageEngine DesktopCentral versions < 80293. It leverages the AgentLogUploadServlet to upload a JSP file to the web root, allowing remote code execution as NT-AUTHORITY\SYSTEM.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ManageEngine DesktopCentral < 80293

No auth needed

Prerequisites: Network access to the target server · DesktopCentral service running on port 8020

MITRE ATT&CK

T1133 - External Remote Services T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://www.manageengine.com/products/desktop-central/remote-code-execution.html

Exploit, Mailing List, Third Party Advisory x_refsource_misc

http://seclists.org/fulldisclosure/2014/Aug/88

Scores

CVSS v3 9.8

EPSS 0.4863

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-22

Status published

Products (2)

zohocorp/manageengine_desktop_central 7.0 - 9.0

zohocorp/manageengine_desktop_central_managed_service_providers 7.0 - 9.0

Published Jan 17, 2020

Tracked Since Feb 18, 2026