An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts.
https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html