CVE-2014-6036

Zohocorp Manageengine Opmanager < 11.3 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter.

Exploits (1)

exploitdb WRITEUP

webappsmultiple

https://www.exploit-db.com/exploits/43896

View on exploitdb

References (3)

[Exploit] http://seclists.org/fulldisclosure/2014/Sep/110

[Exploit] https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt

[Patch] https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix

Scores

EPSS 0.3646

EPSS Percentile 97.0%

Classification

CWE

CWE-22

Status draft

Affected Products (4)

zohocorp/manageengine_opmanager < 11.3

zohocorp/manageengine_it360 < 10.4

zohocorp/manageengine_it360

zohocorp/manageengine_social_it_plus

Timeline

Published Dec 04, 2014

Tracked Since Feb 18, 2026