CVE-2019-15106

CRITICAL

ManageEngine OpManager < 12.4.034 - Unauthenticated Remote Command Execution via Default Credential Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15106. PoCs published by AkkuS.

AI-analyzed exploit summary: This Metasploit module exploits an unauthenticated remote command execution vulnerability in ManageEngine OpManager v12.4x by bypassing authentication, uploading a malicious file, and executing it to achieve RCE.

Description

An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm'" string is used for the password. For example, if the username is admin, the password is admin@opm.

Exploits (1)

exploitdb WORKING POC
by AkkuS · ruby · remote · multiple
https://www.exploit-db.com/exploits/47229

Classification
Working PoC: 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: ManageEngine OpManager v12.4.034 and prior
No auth needed
Prerequisites: Network access to the target server on port 8060
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 9.8
EPSS: 0.3684
EPSS Percentile: 97.3%
Attack Vector: NETWORK
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-306
Status: published
Products (1): zohocorp/manageengine_opmanager < 12.4.034
Published: Aug 16, 2019
Tracked Since: Feb 18, 2026