Exploit for #VU64906 XML External Entity injection in Zoho ManageEngine ADAudit Plus

Exploit for #VU64906 XML External Entity injection in Zoho ManageEngine ADAudit Plus

Published: 2022-07-04 | Updated: 2022-08-09

Vulnerability identifier: #VU64906

Vulnerability risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2022-28219

CWE-ID: CWE-611

Exploitation vector: Network

Exploits in database: 4

August 9, 2022
- ManageEngine ADAudit Plus Path Traversal / XML Injection [Packet Storm]
August 5, 2022
- ManageEngine ADAudit Plus CVE-2022-28219 [Metasploit]
July 6, 2022
- manageengine-auditad-cve-2022-28219 () [Github]
July 4, 2022
- CVE-2022-28219 (PoC for ManageEngine ADAudit Plus CVE-2022-28219) [Github]

Impact: Code execution

Vulnerable software:
Zoho ManageEngine ADAudit Plus
Server applications / Remote management servers, RDP, SSH

Vendor: Zoho Corporation