Vulners
Lucene search
| Reporter | Title | Published | Views | Family All 25 |
|---|---|---|---|---|
 | ManageEngine ADSelfService Plus Custom Script Execution Exploit | 21 Apr 202200:00 | – | zdt |
 | CVE-2022-28810 | 18 Apr 202200:00 | – | attackerkb |
 | CVE-2022-28810 | 18 Apr 202216:24 | – | circl |
 | Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability | 7 Mar 202300:00 | – | cisa_kev |
 | ZOHO ManageEngine ADSelfService Plus 信任管理问题漏洞 | 18 Apr 202200:00 | – | cnnvd |
 | ZOHO ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CNVD-2022-55220) | 20 Apr 202200:00 | – | cnvd |
 | Zoho ManageEngine ADSelfService Plus Command Injection (CVE-2022-28810) | 9 Jun 202200:00 | – | checkpoint_advisories |
 | CVE-2022-28810 | 18 Apr 202212:22 | – | cvelist |
 | ManageEngine ADSelfService Plus < build 6122 Command Injection | 13 Mar 202300:00 | – | nessus |
 | ManageEngine ADSelfService Plus Custom Script Execution | 21 Apr 202217:42 | – | metasploit |
10
Node
OROROROROROROROROROROROROROROROROROROROROROROR
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| APC_SETTINGS_DETAILS | request body | /ServletAPI/configuration/policyConfig/setAPCDetails | Policy update endpoint where the payload (script command) is injected into the policy to enable custom script execution. | CWE-78, CWE-798 |
| POLICY_NAME | request body | /ServletAPI/configuration/policyConfig/setAPCDetails | Policy update endpoint where the payload (script command) is injected into the policy to enable custom script execution. | CWE-78, CWE-798 |
| adscsrf | request body | /ServletAPI/configuration/policyConfig/setAPCDetails | Policy update endpoint where the payload (script command) is injected into the policy to enable custom script execution. | CWE-78, CWE-798 |
| SCRIPT_COMMAND_RESET | request body | /ServletAPI/configuration/policyConfig/setAPCDetails | Policy update endpoint where the payload (script command) is injected into the policy to enable custom script execution. | CWE-78, CWE-798 |
| SCRIPT_COMMAND_UNLOCK | request body | /ServletAPI/configuration/policyConfig/setAPCDetails | Policy update endpoint where the payload (script command) is injected into the policy to enable custom script execution. | CWE-78, CWE-798 |
| IS_CUSTOM_SCRIPT_ENABLED_RESET | request body | /ServletAPI/configuration/policyConfig/setAPCDetails | Policy update endpoint where the payload (script command) is injected into the policy to enable custom script execution. | CWE-78, CWE-798 |
| IS_CUSTOM_SCRIPT_ENABLED_UNLOCK | request body | /ServletAPI/configuration/policyConfig/setAPCDetails | Policy update endpoint where the payload (script command) is injected into the policy to enable custom script execution. | CWE-78, CWE-798 |
| POLICY_ID | query param | /ServletAPI/configuration/policyConfig/getAPCDetails | Endpoint to retrieve a specific policy's configuration before modification during exploitation. | CWE-78, CWE-798 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
31 Oct 2025 14:40Current
7High risk
Vulners AI Score7
CVSS 3.16.8
CVSS 27.1
EPSS0.90376
SSVC