CVE-2014-100002

Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.

Date published : 2015-01-13

https://supportcenter.wiki.zoho.com/ReadMe-V2.html

http://www.exploit-db.com/exploits/31262