SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  ManageEngine ADSelfService Plus Command Injection 2

Category: WEB-ATTACKS      

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.


Relevant Information