Full title: ManageEngine ServiceDesk Plus Arbitrary File Upload Exploit Category: remote exploits Platform: jsp This Metasploit module exploits a file upload vulnerability in ManageEngine ServiceDesk Plus. The vulnerability exists in the FileUploader servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on versions v9 b9000 - b9102 in Windows and Linux. The MSP versions do not expose the vulnerable servlet. # 0day.today @ http://0day.today/