Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-2755Path Traversal in Servicedesk Plus

CWE-22Path Traversal7 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
3.0%
top 13.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Manageengine Servicedesk Plus
Timeline
PublishedJul 17
Latest updateDec 15

Description

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-m953-88vc-vwxj: Directory traversal vulnerability in FileDownload2022-05-17
CVEList
CVE-2011-2755: Directory traversal vulnerability in FileDownload2011-07-17

💥Exploits & PoCs

3
Exploit-DB
ManageEngine ServiceDesk 8.0.0.12 - Database Disclosure2011-07-07
Exploit-DB
ManageEngine ServiceDesk Plus 8.0 - Directory Traversal2011-06-23
Exploit-DB
ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal2011-06-23

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS ManageEngine ServiceDesk Plus Arbitrary File Access via Parameter Traversal (CVE-2011-2755)2025-12-15
CVE-2011-2755 — Path Traversal in Servicedesk Plus | cvebase