CVE-2015-5149

ManageEngine SupportCenter Plus 7.90 - Path Traversal & Arbitrary File Write via Attachment.jsp

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-5149. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary: This is a detailed vulnerability writeup for CVE-2025-5150, describing multiple vulnerabilities in ManageEngine SupportCenter Plus 7.90, including improper authentication, directory traversal, and reflected XSS. It provides technical details and proof-of-concept steps but does not include executable exploit code.

Description

Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.

Exploits (1)

exploitdb WRITEUP
by Vulnerability-Lab · text · webapps · multiple
https://www.exploit-db.com/exploits/37322

Classification: Writeup 90%
Attack Type: Info Leak | Auth Bypass | XSS
Complexity: Moderate
Reliability: Reliable
Target: ManageEngine SupportCenter Plus 7.90
Auth required
Prerequisites: Active Directory integration configured · Low-privilege account access · Network connectivity to attacker-controlled domain for user import
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.1043
EPSS Percentile 95.1%

Details

CWE: CWE-22
Status: published
Products (1): zohocorp/manageengine_supportcenter_plus 7.90
Published: Jun 30, 2015
Tracked Since: Feb 18, 2026