ManageEngine ServiceDesk Plus Arbitrary File Upload

This Metasploit module exploits a file upload vulnerability in ManageEngine ServiceDesk Plus. The vulnerability exists in the FileUploader servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on versions v9 b9000 – b9102 in Windows and Linux. The MSP versions do not expose the vulnerable servlet.

Leave a Reply