CVE-2019-11469 (manageengine_applications_manager)

Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the “Execute Program Action(s)” feature.
Source: NIST
CVE-2019-11469 (manageengine_applications_manager)

Leave a Reply

Your email address will not be published. Required fields are marked *