Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8394
Reference (s):
- BID:107129
- URL: http://www.securityfocus.com/bid/107129
- https://www.manageengine.com/products/service-desk/readme.html
- EXPLOIT-DB:46413
- URL: https://www.exploit-db.com/exploits/46413/