CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-8394

Known Exploited (CISA KEV)MEDIUM
6.5
CVSS Severity Score
EPSS Score66.9960%
EPSS Percentile93.53th
Published2019年2月17日
Last Modified2025年11月7日

Vulnerability Description

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.

Affected Platforms (CPE)

📦
Zohocorp

Manageengine Servicedesk Plus

< 10.0.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0
📦
Zohocorp

Manageengine Servicedesk Plus

= 10.0.0

References & Advisories

🔗 http://www.securityfocus.com/bid/107129
🔗 https://www.exploit-db.com/exploits/46413/
🔗 https://www.manageengine.com/products/service-desk/readme.html
🔗 http://www.securityfocus.com/bid/107129
🔗 https://www.exploit-db.com/exploits/46413/
🔗 https://www.manageengine.com/products/service-desk/readme.html
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8394

相关漏洞威胁

CVE-2021-315319.8

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).

CVE-2021-445269.8

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.

CVE-2019-83959.8

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 1000...

CVE-2021-374159.8

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without aut...