CVE-2014-6043

ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 - Authenticated Database Access via Direct Request

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-6043. PoCs published by Hans-Martin Muench.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated remote code execution vulnerability in ManageEngine EventLog Analyzer via a malicious ZIP file upload to the 'agentUpload' servlet, allowing arbitrary file placement in the web root. It also highlights an authorization bypass issue enabling low-privileged users to access the database browser.

Description

ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000.

Exploits (1)

exploitdb WORKING POC
by Hans-Martin Muench · text · webapps · jsp
https://www.exploit-db.com/exploits/34519

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ManageEngine EventLog Analyzer 9.9 (Build 9002) and earlier
No auth needed
Prerequisites: Network access to the target server · Ability to craft a malicious ZIP file using evilarc
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/34519
Exploit, US Government Resource mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Aug/86
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Sep/19
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69482

Scores

EPSS 0.1280
EPSS Percentile 95.8%

Details

CWE: CWE-264
Status: published
Products (2):
zohocorp/manageengine_eventlog_analyzer 8.2 8020
zohocorp/manageengine_eventlog_analyzer 9.0 9002
Published: Sep 11, 2014
Tracked Since: Feb 18, 2026