CVE-2023-29084

HIGH NUCLEI

ManageEngine ADManager Plus ChangePasswordAction Authenticated Command Injection

Title source: metasploit

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-29084. PoCs published by ohnonoyesyes, Simon Humbert, Dinh Hoang, Grant Willcox, including Metasploit module exploits/windows/http/manageengine_admanager_plus_cve_2023_29084_auth_cmd_injection. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository contains a functional proof-of-concept for CVE-2023-29084, demonstrating a command injection vulnerability in ManageEngine ADManager Plus via a crafted HTTP POST request to the `/api/json/admin/saveServerSettings` endpoint. The exploit leverages the `PASSWORD` parameter to inject and execute arbitrary commands (e.g., `calc.exe`).

Description

Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.

Exploits (2)

nomisec WORKING POC 4 stars
by ohnonoyesyes · poc
https://github.com/ohnonoyesyes/CVE-2023-29084

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ManageEngine ADManager Plus
Auth required
Prerequisites: Valid session cookies (e.g., `JSESSIONID`, `token`) · Access to the `/api/json/admin/saveServerSettings` endpoint
devstral-2 · analyzed Feb 19, 2026

metasploit WORKING POC EXCELLENT
by Simon Humbert, Dinh Hoang, Grant Willcox · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manageengine_admanager_plus_cve_2023_29084_auth_cmd_injection.rb

This Metasploit module exploits an authenticated command injection vulnerability in ManageEngine ADManager Plus by modifying proxy settings via a crafted JSON payload to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: ManageEngine ADManager Plus (builds prior to 7181)
Auth required
Prerequisites: Valid credentials for ADManager Plus · Network access to the target
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

ManageEngine ADManager Plus - Command Injection
HIGH · by rootxharsh, iamnoooob, pdresearch

Scores

CVSS v3: 7.2
EPSS: 0.9388
EPSS Percentile: 99.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-77
Status: published
Products (2):
zohocorp/manageengine_admanager_plus 7.1 7100 (32 CPE variants)
zohocorp/manageengine_admanager_plus < 7.1
Published: Apr 13, 2023
Tracked Since: Feb 18, 2026