viniciuspereiras / CVE-2022-35405

ManageEngine PAM360, Password Manager Pro, and Access Manager Plus unauthenticated remote code execution vulnerability PoC-exploit

CVE-2022-35405

ManageEngine PAM360 and Password Manager Pro unauthenticated remote code execution vulnerability PoC (Access Manager Plus: authenticated only)

| Product Name | Affected Version(s) | Default port |
| --- | --- | --- |
| PAM360 | 5.5 (5500) and below | 8282 |
| Password Manager Pro | 12.1 (12100) and below | 7272 |
| Access Manager Plus (authenticated) | 4.3 (4302) and below | 9292 |

Some custom installations use port 80 or 443.

Usage:

python3 CVE-2022-33405.py -u <url> -p <port> --jar '/path/to/ysoserial.jar' -c <command payload>
