CVE-2019-8394 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2019-8394

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.

Published: Feb 17, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-8394
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_servicedesk_plus	10.0.0-10011	10.0.0-10011.x
zohocorp / manageengine_servicedesk_plus	10.0.0-10010	10.0.0-10010.x
zohocorp / manageengine_servicedesk_plus	10.0.0-10009	10.0.0-10009.x
zohocorp / manageengine_servicedesk_plus	10.0.0-10008	10.0.0-10008.x
zohocorp / manageengine_servicedesk_plus	10.0.0-10007	10.0.0-10007.x
zohocorp / manageengine_servicedesk_plus	10.0.0-10006	10.0.0-10006.x
zohocorp / manageengine_servicedesk_plus	-	10.0.0
zohocorp / manageengine_servicedesk_plus	10.0.0	10.0.0.x
zohocorp / manageengine_servicedesk_plus	10.0.0-10000	10.0.0-10000.x
zohocorp / manageengine_servicedesk_plus	10.0.0-10001	10.0.0-10001.x
zohocorp / manageengine_servicedesk_plus	10.0.0-10002	10.0.0-10002.x
zohocorp / manageengine_servicedesk_plus	10.0.0-10003	10.0.0-10003.x
zohocorp / manageengine_servicedesk_plus	10.0.0-10004	10.0.0-10004.x
zohocorp / manageengine_servicedesk_plus	10.0.0-10005	10.0.0-10005.x