cbcvebase.
CVE-2014-5006
published 2014-10-21

CVE-2014-5006: Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .…

PriorityP263high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
25.08%
97.7th percentile
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.

Affected

1 ranges
VendorProductVersion rangeFixed in
zohocorpmanageengine_desktop_central<= 9.0

Detection & IOCsextracted from sources · hover to see the quote

  • ·Vulnerability affects Desktop Central v8 through v9 build 90054 (inclusive of MSP versions); v7 is NOT affected by CVE-2014-5006 specifically
  • ·Exploitation requires no authentication and no prior knowledge of target configuration
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.