# Exploit Title: Zoho ManageEngine ServiceDesk Plus < 10.5 Incorrect Access Control
# Date: 2019-05-21
# Exploit Author: Enter of VinCSS (Vingroup)
# Vendor Homepage: https://www.manageengine.com/products/service-desk
# Version: Zoho ManageEngine ServiceDesk Plus < 10.5
# CVE : CVE-2019-12252



In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the 

SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring

Link to post

Link to comment

Share on other sites

Followers 0

Go to topic listing

Recently Browsing 0 members
- No registered users viewing this page.

www.chthackerworld.com - 我们是一个生机勃勃的技术交流社区，致力于学习和分享黑客攻防知识、技术爱好、编程专业知识，并拥有许多正在开发的活跃项目。加入我们的用户可以在其中讨论黑客攻击、网络安全等。并参与本论坛举办的赛事！我们不会对友国或本国任何站点上进行非法渗透入侵或破坏网络活动，如果使用名称为The hacker World 或 CNHACKTEAM 名称进行黑客活动，请从站点服务器访问日志中识别执行此活动的 IP 地址，我们将积极配合调查。

黑客世界站内导航 (SITE MAP)

Create New...

Sign In

Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions

Recommended Posts

This CHT

Link to post

Link to comment

Share on other sites

Recently Browsing 0 members

黑客世界站内导航 (SITE MAP)