CVE-2014-6035

Zohocorp Manageengine Opmanager < 11.3 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.

Exploits (1)

exploitdb WRITEUP

webappsmultiple

https://www.exploit-db.com/exploits/43896

View on exploitdb

References (3)

[Exploit] http://seclists.org/fulldisclosure/2014/Sep/110

[Exploit] https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt

[Patch] https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix

Scores

EPSS 0.1159

EPSS Percentile 93.5%

Classification

CWE

CWE-22

Status draft

Affected Products (2)

zohocorp/manageengine_opmanager < 11.3

zohocorp/manageengine_opmanager

Timeline

Published Dec 04, 2014

Tracked Since Feb 18, 2026