mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-08 22:35:37 +02:00
0xMarcio
811 B
811 B
CVE-2010-3273
Description
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult.
POC
Reference
- http://securityreason.com/securityalert/8089
- http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities
Github
No PoCs found on GitHub currently.