CVE: CVE-2018-7890
Published: 2018-03-08T22:29Z
Description Language: en
Description: A remote code execution issue was discovered in Zoho ManageEngine Applications Manager 13.5. The publicly accessible endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.

Advisory | ManageEngine Applications Manager Remote Code Execution and SQLi