CVE-2018-7890
CVE-2018-7890
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/44274/unverifiedexploitdbwww.exploit-db.com/exploits/44274unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/rapid7/metasploit-framework/pull/9684https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-managerhttps://www.exploit-db.com/exploits/44274/https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.htmlhttp://www.securityfocus.com/bid/103358