
CVE-2022-28810
- Reference to the description:
- Description:
- Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.
- Last updated date:
- 04/26/2022
Reports

ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 03/07/2023
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 04/20/2022
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 04/26/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 04/26/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 04/26/2022