Home / exploitsPDF  

ManageEngine ADManager Plus Command Injection

Posted on 06 June 2023

ManageEngine ADManager Plus versions prior to build 7181 are vulnerable to an authenticated command injection vulnerability due to insufficient validation of user input when performing the ChangePasswordAction function before passing it into a string that is later used as an OS command to execute.

 

TOP