← back
CVE-2019-15104

CVE-2019-15104

EPSS 7.8%
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/47227unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://pentest.com.tr/exploits/DEFCON-ManageEngine-OpManager-v12-4-Privilege-Escalation-Remote-Command-Execution.htmlhttps://www.exploit-db.com/exploits/47227https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15104.html