CVEs-PoC/2021/CVE-2021-20081.md

### [CVE-2021-20081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20081)
![](https://img.shields.io/static/v1?label=Product&message=ManageEngine%20ServiceDesk%20Plus&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Before%2011205%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Incomplete%20List%20of%20Disallowed%20Inputs%20leading%20to%20Authenticated%20Remote%20Command%20Execution&color=brightgreen)

### Description

Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.

### POC

#### Reference
- https://www.tenable.com/security/research/tra-2021-22

#### Github
- https://github.com/n0-traces/cve_monitor