CVE-2015-2995

SysAid < 15.1 - Remote Code Execution via RdsLogsEntry File Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-2995. PoCs published by Metasploit, including Metasploit module exploits/multi/http/sysaid_rdslogs_file_upload.

AI-analyzed exploit summary This Metasploit module exploits an arbitrary file upload vulnerability in SysAid Help Desk by leveraging insecure handling of zip file contents in the RdsLogsEntry servlet, leading to remote code execution via WAR file deployment.

Description

The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotejava
https://www.exploit-db.com/exploits/37667

This Metasploit module exploits an arbitrary file upload vulnerability in SysAid Help Desk by leveraging insecure handling of zip file contents in the RdsLogsEntry servlet, leading to remote code execution via WAR file deployment.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SysAid Help Desk v14.3 and v14.4
No auth needed
Prerequisites: Target running Java 6 or 7 up to 7u25 · Access to the RdsLogsEntry servlet
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP
webappshardware
https://www.exploit-db.com/exploits/43885

This is a detailed technical writeup describing multiple vulnerabilities in SysAid Help Desk 14.4, including administrator account creation, file upload via directory traversal, arbitrary file download, path disclosure, hard-coded cryptographic key usage, and SQL injection. The writeup provides specific technical details, such as affected endpoints, payload formats, and constraints for each vulnerability.

Classification
Writeup 100%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: SysAid Help Desk 14.4
No auth needed
Prerequisites: Network access to the target system · Specific versions of Java for some vulnerabilities
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocjava
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb

This Metasploit module exploits an unauthenticated file upload vulnerability in SysAid Help Desk v14.3 and v14.4 via the RdsLogsEntry servlet, leveraging insecure handling of zip file contents and null byte injection to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SysAid Help Desk v14.3 and v14.4
No auth needed
Prerequisites: Target running Java 6 or 7 up to 7u25 · Access to port 8080
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jun/8
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535679/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75038
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37667/

Scores

EPSS 0.3379
EPSS Percentile 98.2%

Details

CWE
CWE-22
Status published
Products (1)
sysaid/sysaid < 15.1
Published Jun 08, 2015
Tracked Since Feb 18, 2026