This Metasploit module exploits an arbitrary file upload vulnerability in ManageEngine DesktopCentral v7 to v9 build 90054 (including the MSP versions). A malicious user can upload a JSP file into the web root without authentication, leading to arbitrary code execution as SYSTEM. Some early builds of version 7 are not exploitable as they do not ship with a bundled Java compiler.
3f00913148c06a584d92ce2a97c94e9b52e8665ae0cc5ea1934eb1b11d43053a
ManageEngine Desktop Central suffers from code execution and remote shell upload vulnerabilities.
10bd111ea2eac7377ab0c21dde2c9553725d2797491800a418dea4169e3ccb4a