Zoho ManageEngine ServiceDesk Plus 10.5 Remote Code Execution Vulnerability
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.
The information has been provided by VinCSS.
The original article can be found at: https://www.manageengine.com/products/service-desk/readme.html
Zoho ManageEngine ServiceDesk Plus is prone to an access-bypass vulnerability.
Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks.
Zoho ManageEngine ServiceDesk Plus versions through 10.5 are vulnerable.
- Zohocorp Manageengine Servicedesk Plus 10.5
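
One way to look for this in web access logs, as an added example that is not part of the advisory or the vendor's code: it flags clients that successfully fetched several distinct id values through the SDNotify.do URL pattern described above. The common log format, the constructed sample rows, and the threshold of three distinct ids are assumptions to adjust for your deployment.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample data (not real traffic), rendered in common log format.
URL_PREFIX = "/SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id="
ROWS = [
    ("10.0.0.5", URL_PREFIX + "101", 200), ("10.0.0.5", URL_PREFIX + "102", 200),
    ("10.0.0.5", URL_PREFIX + "103", 200), ("10.0.0.5", URL_PREFIX + "104", 200),
    ("10.0.0.5", URL_PREFIX + "105", 302),   # redirected, not counted
    ("10.0.0.9", URL_PREFIX + "55", 200), ("10.0.0.9", URL_PREFIX + "55", 200),
    ("10.0.0.7", "/index.html", 200),        # unrelated request
]
SAMPLE_LOG = "\n".join(
    f'{ip} - - [01/Jan/2020:10:00:00 +0000] "GET {target} HTTP/1.1" {status} 512'
    for ip, target, status in ROWS)

# Assumed log layout: client, two fields, [timestamp], "METHOD target proto", status.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def solution_forward_id(target):
    """Return the id value if the target matches the advisory's URL pattern, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/sdnotify.do"):
        return None
    query = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
    if query.get("notifymodule", "").lower() != "solution":
        return None
    if query.get("notifyto", "").upper() != "SOLFORWARD":
        return None
    return query.get("id")

def flag_enumeration(log_text, threshold=3):
    """Map client -> distinct ids, for clients with >= threshold distinct ids served with 200."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "200":
            continue
        sid = solution_forward_id(m["target"])
        if sid is not None:
            seen[m["client"]].add(sid)
    return {client: sorted(ids, key=lambda s: (len(s), s))
            for client, ids in seen.items() if len(ids) >= threshold}

if __name__ == "__main__":
    for client, ids in flag_enumeration(SAMPLE_LOG).items():
        print(f"{client} fetched {len(ids)} distinct solution ids: {', '.join(ids)}")
```

Grouping by client address is the simplest key; where the log records a session or user field, grouping on that ties the requests to the guest account instead.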