### [CVE-2020-10189](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10189)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.

### POC

#### Reference
- http://packetstormsecurity.com/files/156730/ManageEngine-Desktop-Central-Java-Deserialization.html
- https://srcincite.io/advisories/src-2020-0011/
- https://srcincite.io/pocs/src-2020-0011.py.txt
- https://www.zdnet.com/article/zoho-zero-day-published-on-twitter/

#### Github
- https://github.com/20142995/Goby
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/Ares-X/VulWiki
- https://github.com/BLACKpwn/Remote_Code_Execution-
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/CnHack3r/Penetration_PoC
- https://github.com/EchoGin404/-
- https://github.com/EchoGin404/gongkaishouji
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Live-Hack-CVE/CVE-2020-10189
- https://github.com/MelanyRoob/Goby
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/SexyBeast233/SecBooks
- https://github.com/SouthWind0/southwind0.github.io
- https://github.com/Tyro-Shan/gongkaishouji
- https://github.com/XRSec/AWVS14-Update
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ZTK-009/Penetration_PoC
- https://github.com/apachecn-archive/Middleware-Vulnerability-detection
- https://github.com/bhdresh/SnortRules
- https://github.com/cetriext/fireeye_cves
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/gobysec/Goby
- https://github.com/hasee2018/Penetration_Testing_POC
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/huike007/penetration_poc
- https://github.com/huike007/poc
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
- https://github.com/mandiant/heyserial
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/password520/Penetration_PoC
- https://github.com/pentration/gongkaishouji
- https://github.com/retr0-13/Goby
- https://github.com/soosmile/POC
- https://github.com/tdtc7/qps
- https://github.com/whitfieldsdad/epss
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/yedada-wei/-
- https://github.com/yedada-wei/gongkaishouji
- https://github.com/zavke/CVE-2020-10189-ManageEngine