VULHUB ™

This Metasploit module exploits a directory traversal flaw found in ManageEngine SecurityManager Plus 5.5 or less. When handling a file download request, the DownloadServlet class fails to properly check the f parameter, which can be abused to read any file outside the virtual directory.

This Metasploit module exploits a directory traversal flaw found in ManageEngine SecurityManager Plus 5.5 or less. When handling a file download request, the DownloadServlet class fails to properly check the f parameter, which can be abused to read any file outside the virtual directory.