CVE-2018-5341

Published: Apr 18, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts.

Affected (2)

Products: Zohocorp: Manageengine Desktop Central

Zohocorp

1 product

Manageengine Desktop Central

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Desktop Central	Version 10.0.124
Zohocorp Manageengine Desktop Central	Version 10.0.184

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html

Source: cve@mitre.org

Third Party Advisory

https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.