CVE-2022-35405 PoC — ZOHO ManageEngine Password Manager Pro 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-35405.yaml

Associated Vulnerability

Title:ZOHO ManageEngine Password Manager Pro 代码问题漏洞 (CVE-2022-35405)
Description:ZOHO ManageEngine Password Manager Pro是美国卓豪（ZOHO）公司的一款密码管理器。 ZOHO ManageEngine Password Manager Pro 12101 之前版本和PAM360 5510之前版本存在安全漏洞，该漏洞源于容易受到未经身份验证的远程代码执行的攻击。（这也会影响 ManageEngine Access Manager Plus 4303之前版本的身份验证。）

Description

Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

File Snapshot


 id: CVE-2022-35405

info:
  name: Zoho ManageEngine - Remote Code Execution
  author: viniciuspereir

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!