|    |    |    | Today: 21-Sep-2019 |

ManageEngine Desktop Central 10 Build 100087 Remote Code Execution

November 1, 2017 | Posted in ExploitAlert

This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 10. When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM. This exploit was successfully tested on version 10, build 100087.


Source: ManageEngine Desktop Central 10 Build 100087 Remote Code Execution

Taged in: Exploit