Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-6035Path Traversal in Manageengine Opmanager

CWE-22Path Traversal4 documents4 sources
Severity
7.5HIGHNVD
EPSS
11.6%
top 6.34%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Zohocorp Manageengine Opmanager
Timeline
PublishedDec 4
Latest updateMay 17

Description

Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

Patches

Patch: support.zoho.comPatch: support.zoho.com

🔴Vulnerability Details

2
GHSA
GHSA-h8hf-w3qq-98m2: Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 112022-05-17
CVEList
CVE-2014-6035: Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 112014-12-04

💥Exploits & PoCs

1
Exploit-DB
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities2014-11-09
CVE-2014-6035 — Path Traversal | cvebase