CVE-2014-100002
published 2015-01-13


Priority: P3 · 51 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploit: EPSS 59.86% (99.0th percentile)
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.

Affected (1 range)

Vendor:         zohocorp
Product:        manageengine_supportcenter_plus
Version range:  <= 7.9
Fixed in:       (not listed)

Detection & IOCs (extracted from sources)

url:      /WorkOrder.do
command:  attach=%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
  • Detect HTTP POST requests to /WorkOrder.do containing URL-encoded directory traversal sequences (..%2f or %2F..%2F) in the 'attach' parameter.
  • Flag POST requests to /WorkOrder.do where the 'attach' parameter contains multiple encoded slash-dot sequences (%2F..%2F) indicative of path traversal attempts to reach files like /etc/passwd.
  • Monitor for ticket creation (addWO=addWO) combined with suspicious attPath or attach parameter values referencing server-side file paths outside the application directory.
  • Alert on Metasploit auxiliary module activity targeting ManageEngine Support Center Plus: module creates a support ticket with a traversal-linked attachment and then retrieves it to exfiltrate server files.
  • Exploitation requires only normal (guest/requester) user privileges — no admin account needed — making unauthenticated or low-privilege accounts a viable attack vector.
  • On Windows deployments, file reads occur with SYSTEM privileges; on Linux, typically as root — maximising the sensitivity of exfiltrated data.
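As an added example (not code from cvebase or from the CVE's sources), the following Python scanner implements the first three detection bullets over constructed access-log lines: it parses each request target, normalizes the attach/attPath parameter by bounded repeated percent-decoding (so the single-encoded ..%2f form listed above and a nested-encoded variant both collapse to ../, which goes slightly beyond the page's single-encoded IOC), and flags /WorkOrder.do requests whose attachment value contains a traversal sequence or an absolute path, marking those that coincide with ticket creation (addWO=addWO). The log lines, the SAMPLE_LOG constant and the function names scan_log, attach_traversal and normalize are all constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not taken from any real source).
# Line 1 carries the traversal value listed in the IOCs above, line 4 a
# nested-encoded variant, lines 2 and 3 are benign traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [13/Jan/2015:10:01:02 +0000] "POST /WorkOrder.do?addWO=addWO&attach=%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 512
10.0.0.6 - - [13/Jan/2015:10:02:10 +0000] "POST /WorkOrder.do?addWO=addWO&attach=report.pdf HTTP/1.1" 200 512
10.0.0.7 - - [13/Jan/2015:10:03:33 +0000] "GET /WorkOrder.do?woMode=viewWO&woID=42 HTTP/1.1" 200 2048
10.0.0.8 - - [13/Jan/2015:10:04:41 +0000] "POST /WorkOrder.do?addWO=addWO&attach=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 512
"""

# Common-log-format request line: source, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# A parent-directory hop followed by either separator.
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')
# Parameters the detection bullets call out as carrying the file path.
PATH_PARAMS = ('attach', 'attPath')


def normalize(value, rounds=3):
    """Percent-decode repeatedly (bounded) so '..%2f' and the nested
    '..%252f' both collapse to '../'; map backslashes to '/' so a
    Windows-style separator is caught by the same regex."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace('\\', '/')


def attach_traversal(target):
    """Return (param, normalized_value) when a /WorkOrder.do request target
    carries a traversal sequence or an absolute path in attach/attPath,
    otherwise None."""
    parts = urlsplit(target)
    if parts.path != '/WorkOrder.do':
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    for name in PATH_PARAMS:
        for raw in params.get(name, []):
            norm = normalize(raw)
            if TRAVERSAL_RE.search(norm) or norm.startswith('/'):
                return name, norm
    return None


def scan_log(text):
    """Scan access-log text and return one finding per suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip, don't crash
        hit = attach_traversal(m['target'])
        if hit is None:
            continue
        param, value = hit
        # Bullet 3: traversal combined with ticket creation is the strongest signal.
        during_create = 'addWO=addWO' in m['target']
        findings.append({
            'src': m['src'],
            'ts': m['ts'],
            'method': m['method'],
            'param': param,
            'value': value,
            'ticket_creation': during_create,
        })
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']} {f['method']} {f['param']}={f['value']}"
              f"{' (during ticket creation)' if f['ticket_creation'] else ''}")
```

The sample puts the parameter in the query string only so that each request fits on one log line; where a proxy or WAF logs the decoded POST body instead, pass that body's parameters through the same attach_traversal check. Decoding is bounded to three rounds on purpose: an unbounded loop on attacker-supplied input is a cheap denial-of-service against the detector itself.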