admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2020-10189

Browse Source
This commit is contained in:
tardc 2020-06-23 19:13:21 +08:00
parent 40e8881c1c
commit 606397e482
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
ManageEngine/CVE-2020-10189/CVE-2020-10189.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 281 KiB

9
ManageEngine/CVE-2020-10189/README.md Normal file
View File

@ -0,0 +1,9 @@
# CVE-2020-10189 Zoho ManageEngine Desktop Central 10 getChartImage rce
Zoho ManageEngine Desktop Central 10 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
**[FOFA](https://fofa.so/result?qbase64=YXBwPSJab2hvLU1hbmFnZUVuZ2luZS1EZXNrdG9wIg%3D%3D) query rule**: app="Zoho-ManageEngine-Desktop"
# Demo
![](CVE-2020-10189.gif)