Home / exploits ManageEngine ADAudit Plus Path Traversal / XML Injection
Posted on 08 August 2022
This Metasploit module exploits CVE-2022-28219, which is a pair of vulnerabilities in ManageEngine ADAudit Plus versions before build 7060. They include a path traversal in the /cewolf endpoint along with a blind XML external entity injection vulnerability to upload and execute a file.