CVE-2018-19374

HIGH

Zoho ManageEngine ADManager Plus 6.6 Build 6657 - Privilege Escalation via Trojan Horse File in Bin Directory

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-19374. PoCs published by Digital Interruption.

AI-analyzed exploit summary This exploit describes a privilege escalation vulnerability in Zoho ManageEngine ADManager Plus due to weak permissions on critical directories, allowing authenticated users to modify core files and achieve LOCAL SYSTEM privileges via a persistence mechanism in ChangeJRE.bat.

Description

Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.

Exploits (1)

exploitdb WRITEUP
by Digital Interruption · textlocalwindows
https://www.exploit-db.com/exploits/46707

This exploit describes a privilege escalation vulnerability in Zoho ManageEngine ADManager Plus due to weak permissions on critical directories, allowing authenticated users to modify core files and achieve LOCAL SYSTEM privileges via a persistence mechanism in ChangeJRE.bat.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Zoho ManageEngine ADManager Plus 6.6 (Build < 6659)
Auth required
Prerequisites: Authenticated access to the system · Ability to write to the installation directory
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 7.0
EPSS 0.0108
EPSS Percentile 60.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (1)
zohocorp/manageengine_admanager_plus 6.6 6657
Published Apr 30, 2019
Tracked Since Feb 18, 2026