.. / CVE-2023-29084

Exploit for ManageEngine ADManager Plus - Command Injection (CVE-2023-29084)

Description:

Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings.

Nuclei Template

View the template here CVE-2023-29084.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-29084.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-29084
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-29084.html
https://hnd3884.github.io/posts/CVE-2023-29084-Command-injection-in-ManageEngine-ADManager-plus/
http://packetstormsecurity.com/files/172755/ManageEngine-ADManager-Plus-Command-Injection.html
https://community.grafana.com/t/release-notes-v6-3-x/19202
https://manageengine.com