CVE-2014-100002 Information

Description

Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.

Reference

http://osvdb.org/show/osvdb/102656 http://www.exploit-db.com/exploits/31262 https://exchange.xforce.ibmcloud.com/vulnerabilities/90806 https://supportcenter.wiki.zoho.com/ReadMe-V2.html