PT-2018-16909 · Zoho · Zoho Manageengine Desktop Central

Published

2018-04-18

Updated

2019-03-05

CVE-2018-5341

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Desktop Central versions 10.0.124 through 10.0.184

Description A security issue was found in the software, specifically a missing server-side check on the file type or extension when uploading and modifying scripts.

Recommendations For versions 10.0.124 through 10.0.184, update to a version that includes the server-side check for file type or extension to prevent unauthorized script uploads and modifications.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-5341

Affected Products

Zoho Manageengine Desktop Central

PT-2018-16909 · Zoho · Zoho Manageengine Desktop Central

CVE-2018-5341

Weakness Enumeration

Related Identifiers

Affected Products

References · 4