Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-01-13T11:00:00

Updated: 2024-08-06T14:10:56.372Z

Reserved: 2015-01-13T00:00:00

Link: CVE-2014-100002

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-01-13T11:59:01.273

Modified: 2024-11-21T02:03:12.097

Link: CVE-2014-100002

cve-icon Redhat

No data.