CVE-2020-15394

CRITICAL

Zoho ManageEngine Applications Manager <build 14740 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-15394. PoCs published by trungtin1998.

AI-analyzed exploit summary This PoC demonstrates a SQL injection vulnerability in ManageEngine Applications Manager via the `checkResourceID` endpoint. The exploit uses time-based blind SQLi techniques to confirm true/false conditions in the query.

Description

The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.

Exploits (1)

nomisec WORKING POC

by trungtin1998 · poc

https://github.com/trungtin1998/CVE-2020-15394-PoC

View Code ZIP pw:eip

This PoC demonstrates a SQL injection vulnerability in ManageEngine Applications Manager via the `checkResourceID` endpoint. The exploit uses time-based blind SQLi techniques to confirm true/false conditions in the query.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: ManageEngine Applications Manager (version not specified)

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Product x_refsource_misc

https://www.manageengine.com

Vendor Advisory x_refsource_confirm

https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-15394.html

Vendor Advisory x_refsource_confirm

https://www.manageengine.com/products/applications_manager/issues.html#v14740

Scores

CVSS v3 9.8

EPSS 0.0787

EPSS Percentile 94.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

zohocorp/manageengine_applications_manager 14.0 (50 CPE variants)

Published Sep 25, 2020

Tracked Since Feb 18, 2026