Arbitrary JSP File Execution via Directory Traversal in Micro Focus Novell Service Desk
CVE-2016-1593 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
Learn more about our User Device Pen Test.