CVE-2018-7890

CVE-2018-7890

A remote code execution issue was discovered in Zoho ManageEngine Applications Manager 13.5. The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.

Source: CVE-2018-7890

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다