CVE-2019-12252 Zoho ManageEngine ServiceDesk Plus < 10.5 Incorrect Access Control
Latest commit f0012a6 May 21, 2019

CVE-2019-12252 - Zoho ManageEngine ServiceDesk Plus < 10.5 Incorrect Access Control

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the `SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id=` substring.

Researcher: Enter of VinCSS (Vingroup)
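
For defenders reviewing logs for this issue, the following is an added example and not part of the original advisory or the product's code. It flags clients that successfully fetched several distinct `id` values through the URL pattern above. It assumes Apache/Nginx "combined" access logs from a reverse proxy with the account name in the remote-user field; the function names, threshold and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Query parameters named in the advisory, matched exactly as written there.
REQUIRED = {"notifyModule": "Solution", "mode": "E-Mail", "notifyTo": "SOLFORWARD"}

# Assumption: "combined" log format; the product's own log layout may differ.
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) ')

def solution_id(target):
    """Return the requested id if the URL matches the advisory's pattern, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/SDNotify.do"):
        return None
    query = parse_qs(parts.query)
    if any(query.get(k, [None])[0] != v for k, v in REQUIRED.items()):
        return None
    ids = query.get("id")
    return ids[0] if ids else None

def find_enumeration(lines, threshold=3):
    """Map (client, user) -> ids for clients with >= threshold distinct ids served with 200."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, user, target, status = m.groups()
        sid = solution_id(target)
        if sid is not None and status == "200":
            seen[(client, user)].add(sid)
    return {k: sorted(v, key=lambda s: (len(s), s))
            for k, v in seen.items() if len(v) >= threshold}

# Constructed sample log lines (documentation IP ranges, not from a real system).
_FMT = '{ip} - {user} [21/May/2019:10:00:0{n} +0000] "GET {url} HTTP/1.1" {st} 512 "-" "-"'
_URL = "/SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id="
SAMPLE = [
    _FMT.format(ip="203.0.113.7", user="guest", n=i, url=_URL + str(i), st=200)
    for i in (1, 2, 3)
] + [
    _FMT.format(ip="198.51.100.4", user="tech1", n=4, url=_URL + "5", st=200),
    _FMT.format(ip="198.51.100.9", user="guest", n=5, url=_URL + "9", st=403),
    _FMT.format(ip="203.0.113.7", user="guest", n=6, url="/HomePage.do", st=200),
]

if __name__ == "__main__":
    for (client, user), ids in find_enumeration(SAMPLE).items():
        print(f"{client} ({user}) fetched solution ids: {', '.join(ids)}")
```
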
