CVEs-PoC/2019/CVE-2019-11448.md at 2ef066380cb36dba2e454190ca2349fcff6ca2df

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-24 15:54:10 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file.

POC

Reference

https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-SQLi-Remote-Code-Execution.html
https://www.exploit-db.com/exploits/46725
https://www.exploit-db.com/exploits/46725/

Github

https://github.com/loganpkinfosec/ManageEngine_SQLI_RCE

928 B Raw Blame History

CVE-2019-11448

Description

POC

Reference

Github

928 B

Raw Blame History