ManageEngine Applications Manager CVE-2018-7890 Remote Code Execution Vulnerability

ManageEngine Applications Manager is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the affected system. Failed exploit attempts may result in a denial-of-service condition.

Information

Bugtraq ID: 103358
Class: Input Validation Error
CVE: CVE-2018-7890

Remote: Yes
Local: No
Published: Mar 08 2018 12:00AM
Updated: Mar 08 2018 12:00AM
Credit: Mehmet INCE
Vulnerable: Zoho ManageEngine Applications Manager 13.5

Not Vulnerable:

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

Adding ManageEngine Application Manager RCE (Mehmet INCE)
Advisory | ManageEngine Applications Manager Remote Code Execution and SQLi (Mehmet Ince)
ManageEngine Applications Manager Homepage (ManageEngine)

Source: www.securityfocus.com

Exploit Collector

Search Exploit