CVE-2017-11346

CRITICAL

Zohocorp Manageengine Desktop Central - Improper Input Validation

Title source: rule

Description

Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.

Exploits (1)

exploitdb WORKING POC

by Kacper Szurek · rubywebappsjava

https://www.exploit-db.com/exploits/42358

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/42358/

[Patch, Vendor Advisory] https://www.manageengine.com/products/desktop-central/remote-code-execution.html

Scores

CVSS v3 9.8

EPSS 0.2499

EPSS Percentile 96.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (1)

zohocorp/manageengine_desktop_central < 10.0

Published Jul 17, 2017

Tracked Since Feb 18, 2026