Vulnerability Details CVE-2013-7390
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.668
EPSS Ranking 98.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://seclists.org/fulldisclosure/2013/Nov/130
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/desktopcentral_file_upload.rb
- http://seclists.org/fulldisclosure/2013/Nov/130
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/desktopcentral_file_upload.rb
Products affected by CVE-2013-7390
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0.1
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:8.0.0