漏洞描述
ZOHO ManageEngine ADSelfService Plus是卓豪(ZOHO)公司的针对 Active Directory和云应用程序的集成式自助密码管理和单点登录解决方案。 Zoho ManageEngine ADSelfService Plus 6113 及更早版本存在REST API 身份验证绕过漏洞,远程攻击者可以利用此漏洞来控制受影响的系统。
ADSelfService Plus远程代码执行漏洞(CVE-2021-40539)
PoC代码
暂无相关漏洞推荐
- POC CVE-2021-37416: Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting
- POC CVE-2021-40539: Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution
- POC CVE-2022-24681: ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting
- Zoho ManageEngine ADSelfService Plus CVE-2022-28810命令注入漏洞
- Zoho ManageEngine ADSelfService Plus Mobile App Authentication API Dos漏洞
- CVE-2021-40539 Zoho ManageEngine ADSelfService Plus存在远程代码执行漏洞
- Zoho ManageEngine ADSelfService Plus 远程代码执行漏洞