EIP-2026-119395

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119395. PoCs published by Sachin Wagh.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in ManageEngine Firewall Analyzer 8.5, including privilege escalation via password change, multiple XSS vectors, and SQL query execution. The PoC includes HTTP requests for each vulnerability, showing how an attacker can escalate privileges, inject scripts, and execute arbitrary SQL queries.

Description

ManageEngine Firewall Analyzer 8.5 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Sachin Wagh · textwebappswindows

https://www.exploit-db.com/exploits/39477

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in ManageEngine Firewall Analyzer 8.5, including privilege escalation via password change, multiple XSS vectors, and SQL query execution. The PoC includes HTTP requests for each vulnerability, showing how an attacker can escalate privileges, inject scripts, and execute arbitrary SQL queries.

Classification

Working Poc 95%

Attack Type

Auth Bypass | Xss | Sqli

Complexity

Trivial

Reliability

Reliable

Target: ManageEngine Firewall Analyzer 8.5

Auth required

Prerequisites: Access to the application as a guest user · Network access to the target server

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

ManageEngine Firewall Analyzer 8.5 - Multiple Vulnerabilities

Exploitation Summary

Description

Exploits (1)

Details