CyberSec.Space Logo
Back to CVE Browser

CVE-2019-8394

Known Exploited (CISA KEV)MEDIUM
6.5
CVSS Severity Score
EPSS Score66.9960%
EPSS Percentile93.53th
PublishedFeb 17, 2019
Last ModifiedNov 7, 2025

Vulnerability Description

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.

Affected Platforms (CPE)

πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

< 10.0.0
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
πŸ“¦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/107129
πŸ”— https://www.exploit-db.com/exploits/46413/
πŸ”— https://www.manageengine.com/products/service-desk/readme.html
πŸ”— http://www.securityfocus.com/bid/107129
πŸ”— https://www.exploit-db.com/exploits/46413/
πŸ”— https://www.manageengine.com/products/service-desk/readme.html
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8394

Related Vulnerabilities

CVE-2021-315319.8

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).

CVE-2021-445269.8

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.

CVE-2019-83959.8

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 1000...

CVE-2021-374159.8

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without aut...