File Type/Extension Validation Bypass in Zoho ManageEngine Desktop Central

File Type/Extension Validation Bypass in Zoho ManageEngine Desktop Central

CVE-2018-5341 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts.

Learn more about our Cis Benchmark Audit For Desktop Software.