CVE-2019-8394

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.

Basic Information

CVE State: PUBLISHED
Reserved Date: February 16, 2019
Published Date: February 17, 2019
Last Updated: February 04, 2025
Vendor: n/a
Product: n/a
Description: Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.

CVSS Scores

SSVC Information

Exploitation: active
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://www.exploit-db.com/exploits/46413/ http://www.securityfocus.com/bid/107129 https://www.manageengine.com/products/service-desk/readme.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC