CVE-2022-35405 PoC — ZOHO ManageEngine Password Manager Pro Code Issue Vulnerability

Associated Vulnerability
Title: ZOHO ManageEngine Password Manager Pro Code Issue Vulnerability (CVE-2022-35405)
Description: Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
Description
ManageEngine PAM360, Password Manager Pro, and Access Manager Plus unauthenticated remote code execution vulnerability PoC-exploit
Readme
# CVE-2022-35405
- [My blog post](https://bigous.me/2022/09/06/CVE-2022-35405.html)
- [Nuclei template](https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2022/CVE-2022-35405.yaml)
- [Other article](https://xz.aliyun.com/t/11578)
### ManageEngine PAM360 and Password Manager Pro unauthenticated remote code execution vulnerability PoC (Access Manager Plus authenticated only :\)
| Product Name                        | Affected Version(s)    | Default port |
|-------------------------------------|------------------------|--------------|
| PAM360                              | 5.5 (5500) and below   | 8282         |
| Password Manager Pro                | 12.1 (12100) and below | 7272         |
| Access Manager Plus (authenticated) | 4.3 (4302) and below   | 9292         |

Some custom installations use port 80 or 443.

#### Usage:
```bash
python3 CVE-2022-35405.py -u <url> -p <port> --jar '/path/to/ysoserial.jar' -c <command payload>
```
File Snapshot

```
[4.0K] /data/pocs/8f2caa50724384d0fabc9efe6968333bafc692c3
├── [1.7K] CVE-2022-35405.py
└── [ 892] README.md

0 directories, 2 files
```