← back
CVE-2019-11448

CVE-2019-11448

EPSS 12.4%
An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/46725/unverifiedcve_referencewww.exploit-db.com/exploits/46725unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-SQLi-Remote-Code-Execution.htmlhttps://www.exploit-db.com/exploits/46725https://www.exploit-db.com/exploits/46725/https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11448.html