CVE-2022-28219 PoC — ZOHO ManageEngine ADAudit Plus 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-28219.yaml

Associated Vulnerability

Title:ZOHO ManageEngine ADAudit Plus 代码问题漏洞 (CVE-2022-28219)
Description:ZOHO ManageEngine ADAudit Plus是美国ZOHO公司的用于简化审计、证明合规性和检测威胁。 ZOHO ManageEngine ADAudit Plus 7060 之前存在代码问题漏洞，未经身份验证的攻击者可以利用该漏洞进行远程代码执行。

Description

Zoho ManageEngine ADAudit Plus before version 7060 is vulnerable to an
unauthenticated XML entity injection attack that can lead to remote code execution.

File Snapshot


 id: CVE-2022-28219

info:
  name: Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!