CVE-2015-8249

CRITICAL

ManageEngine Desktop Central <9 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-8249. PoCs published by Metasploit, sinn3r, including Metasploit module exploits/windows/http/manageengine_connectionid_write.

AI-analyzed exploit summary This Metasploit module exploits a file upload vulnerability in ManageEngine Desktop Central 9 by injecting a null byte to bypass file extension checks, allowing arbitrary JSP file upload and execution for remote code execution.

Description

The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotejsp
https://www.exploit-db.com/exploits/38982

This Metasploit module exploits a file upload vulnerability in ManageEngine Desktop Central 9 by injecting a null byte to bypass file extension checks, allowing arbitrary JSP file upload and execution for remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ManageEngine Desktop Central 9 (builds 90109 and 91084)
No auth needed
Prerequisites: Network access to the target server · Target running ManageEngine Desktop Central 9 on port 8020 or 8040
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manageengine_connectionid_write.rb

This Metasploit module exploits a path traversal vulnerability in ManageEngine Desktop Central 9's FileUploadServlet to upload a malicious JSP file, achieving remote code execution as SYSTEM. The exploit leverages a null byte injection in the ConnectionId parameter to bypass file extension checks and place the payload in a web-accessible directory.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ManageEngine Desktop Central 9 (builds 90109 and 91084)
No auth needed
Prerequisites: Network access to the target server (default ports 8020 or 8040) · Target running a vulnerable version of ManageEngine Desktop Central 9
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 9.8
EPSS 0.8016
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
manageengine/desktop_central 9.0
Published Sep 28, 2017
Tracked Since Feb 18, 2026