CVE-2015-7766

ZOHO ManageEngine OpManager <11.6 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-7766. PoCs published by Metasploit, including Metasploit module exploits/windows/http/manage_engine_opmanager_rce.

AI-analyzed exploit summary This Metasploit module exploits a default credential vulnerability in ManageEngine OpManager, using a hidden account 'IntegrationUser' with a default password 'plugin' to execute arbitrary SQL queries, write a WAR payload to disk, and trigger its deployment for remote code execution.

Description

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotejava

https://www.exploit-db.com/exploits/38221

View Code ZIP pw:eip

This Metasploit module exploits a default credential vulnerability in ManageEngine OpManager, using a hidden account 'IntegrationUser' with a default password 'plugin' to execute arbitrary SQL queries, write a WAR payload to disk, and trigger its deployment for remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ManageEngine OpManager v11.5 and v11.6

Auth required

Prerequisites: Network access to the target · ManageEngine OpManager with default credentials

MITRE ATT&CK

T1110.001 - Password Guessing T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC MANUAL

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manage_engine_opmanager_rce.rb