CVE-2015-2994

SysAid < 15.1 - Unauthenticated Arbitrary File Upload and Remote Code Execution via ChangePhoto.jsp

Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-2994. PoCs published by Metasploit, including Metasploit module exploits/multi/http/sysaid_auth_file_upload.

AI-analyzed exploit summary: This Metasploit module exploits an arbitrary file upload vulnerability in SysAid Help Desk's ChangePhoto.jsp, allowing authenticated attackers to upload a malicious JSP file for remote code execution. It supports both Linux and Windows targets and includes automatic target detection.

Description

Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · webapps · multiple
https://www.exploit-db.com/exploits/41691

This Metasploit module exploits an arbitrary file upload vulnerability in SysAid Help Desk's ChangePhoto.jsp, allowing authenticated attackers to upload a malicious JSP file for remote code execution. It supports both Linux and Windows targets and includes automatic target detection.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SysAid Help Desk v14.4
Auth required
Prerequisites: Valid administrator credentials · Access to the administrator portal
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP
webapps · hardware
https://www.exploit-db.com/exploits/43885

This is a detailed technical writeup describing multiple vulnerabilities in SysAid Help Desk 14.4, including administrator account creation, file upload via directory traversal, arbitrary file download, path disclosure, hard-coded cryptographic key usage, and SQL injection. The writeup provides specific technical details, such as affected endpoints, payloads, and constraints for each vulnerability.

Classification: Writeup 100%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: SysAid Help Desk 14.4
No auth needed
Prerequisites: Network access to the target system · For some vulnerabilities, an administrator account is required
devstral-2 · analyzed Feb 19, 2026

metasploit WORKING POC EXCELLENT
ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/sysaid_auth_file_upload.rb

This Metasploit module exploits a file upload vulnerability in SysAid Help Desk's ChangePhoto.jsp, allowing arbitrary file upload via directory traversal and weak file extension handling. It requires administrator credentials and has been tested on SysAid v14.4 for both Linux and Windows.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SysAid Help Desk v14.4
Auth required
Prerequisites: Administrator credentials for SysAid Help Desk · Network access to the target
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jun/8
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535679/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75038

Scores

EPSS 0.4979
EPSS Percentile 98.7%

Details

Status published
Products (1)
sysaid/sysaid < 15.1
Published Jun 08, 2015
Tracked Since Feb 18, 2026