Home / exploits ManageEngine ADManager Plus Command Injection
Posted on 06 June 2023
ManageEngine ADManager Plus versions prior to build 7181 are vulnerable to an authenticated command injection vulnerability due to insufficient validation of user input when performing the ChangePasswordAction function before passing it into a string that is later used as an OS command to execute.
