cve/CVE-2019-10008.md at 410e68ca9dddb67493d84ae4fe8e1a9e392594db

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 17:22:02 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.

POC

Reference

https://www.exploit-db.com/exploits/46659
https://www.exploit-db.com/exploits/46659

Github

https://github.com/0xT11/CVE-POC
https://github.com/ARPSyndicate/cvemon
https://github.com/developer3000S/PoC-in-GitHub
https://github.com/hectorgie/PoC-in-GitHub
https://github.com/ignis-sec/CVE-2019-10008

1.0 KiB Raw Blame History

CVE-2019-10008

Description

POC

Reference

Github

1.0 KiB

Raw Blame History