Summary
ManageEngine ServiceDesk Plus is prone to a directory-traversal vulnerability because the application fails to properly sanitize user- supplied input.
An attacker can exploit this vulnerability to obtain arbitrary local files in the context of the webserver process.
ManageEngine ServiceDesk Plus 8.0 is vulnerable
other versions may
also be affected.
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2011-2757 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache CouchDB Cross Site Request Forgery Vulnerability
- Ampache Reflected Cross Site Scripting Vulnerability
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities