Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.)
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-02-25T00:00:00

Updated: 2024-08-03T15:10:59.755Z

Reserved: 2023-02-25T00:00:00

Link: CVE-2022-48362

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-02-25T21:15:10.567

Modified: 2024-11-21T07:33:15.157

Link: CVE-2022-48362

cve-icon Redhat

No data.