cbcvebase.
CVE-2014-5005
published 2014-10-21

CVE-2014-5005: Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .…

PriorityP272high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
77.85%
99.5th percentile
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.

Affected

1 ranges
VendorProductVersion rangeFixed in
zohocorpmanageengine_desktop_central<= 9.0

Detection & IOCsextracted from sources · hover to see the quote

url/statusUpdate?actionToCall=LFU&customerId=1337&fileName=../../../../../../shell.jsp&configDataID=1
port8020
commandPOST /statusUpdate?actionToCall=LFU&customerId=1337&fileName=../../../../../../shell.jsp&configDataID=1
  • Detect HTTP POST requests to /statusUpdate with query parameter actionToCall=LFU and a fileName parameter containing directory traversal sequences (../ or ..\ patterns) targeting JSP file upload.
  • Alert on Content-Type of text/html in POST requests to /statusUpdate, which is used by the exploit module to deliver the malicious JSP payload.
  • Monitor for JSP file creation in the web root (webapps/DesktopCentral/) as a result of unauthenticated file upload via the statusUpdate endpoint.
  • Check for GET requests to /configurations.do used by the exploit to fingerprint the Desktop Central version prior to exploitation.
  • Inspect the fileName parameter in requests to /statusUpdate for sequences of '../' repeated multiple times (e.g., 6 or more traversal steps) indicating path traversal exploitation.
  • ·The vulnerability affects all versions from v7 to v9 build 90054 (including MSP variants); early builds of v7 without a bundled Java compiler are not exploitable.
  • ·The exploit requires no authentication and no prior knowledge of the target environment — any exposed instance is at risk.
  • ·The default exploit target port is 8020; deployments on non-standard ports would require adjusted detection rules.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.