Full title: ManageEngine Desktop Central StatusUpdate Arbitrary File Upload Exploit 
Category: remote exploits
Platform: windows
This module exploits an arbitrary file upload vulnerability in ManageEngine DesktopCentral v7 to v9 build 90054 (including the MSP versions). A malicious user can upload a JSP file into the web root without authentication, leading to arbitrary code execution as SYSTEM. Some early builds of version 7 are not exploitable as they do not ship with a bundled Java compiler.

# 0day.today @ http://0day.today/