CVE-2020-12116

HIGH NUCLEI

Zoho ManageEngine OpManger - Arbitrary File Read

Title source: nuclei

Description

Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.

Exploits (1)

nomisec WORKING POC 32 stars

by BeetleChunks · poc

https://github.com/BeetleChunks/CVE-2020-12116

View Code ZIP pw:eip

Nuclei Templates (1)

Zoho ManageEngine OpManger - Arbitrary File Read

HIGHby dwisiswant0

Shodan: http.title:"opmanager plus"

FOFA: title="opmanager plus"

References (2)

[Vendor Advisory] https://www.manageengine.com/network-monitoring/help/read-me-complete.html

[Vendor Advisory] https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125125

Scores

CVSS v3 7.5

EPSS 0.9174

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

zohocorp/manageengine_opmanager 12.4 (50 CPE variants)

Published May 07, 2020

Tracked Since Feb 18, 2026