Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-2757 — Path Traversal in Servicedesk Plus

CWE-22 — Path Traversal6 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
66.5%
top 1.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Manageengine Servicedesk Plus
Timeline
PublishedJul 17
Latest updateMay 17

Description

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

â–¶NVDmanageengine/servicedesk_plus8.0.0.12+3

🔴Vulnerability Details

2
GHSA
GHSA-v72f-5j8q-jfjq: Directory traversal vulnerability in FileDownload↗2022-05-17
â–¶
CVEList
CVE-2011-2757: Directory traversal vulnerability in FileDownload↗2011-07-17
â–¶

💥Exploits & PoCs

3
Exploit-DB
ManageEngine ServiceDesk 8.0.0.12 - Database Disclosure↗2011-07-07
â–¶
Exploit-DB
ManageEngine ServiceDesk Plus 8.0 - Directory Traversal↗2011-06-23
â–¶
Exploit-DB
ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal↗2011-06-23
â–¶
CVE-2011-2757 — Path Traversal in Servicedesk Plus | cvebase