CVE-2021-44077
Description
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
NVD
Severity: CRITICAL
CVE ID: CVE-2021-44077
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-44077
Refrence: Project Discovery GitHub
horizon3ai
Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077
Refrence: GitHub
pizza-power
Golang Proof of Concept Exploit for CVE-2021-44077: PreAuth RCE in ManageEngine ServiceDesk Plus < 11306
Refrence: GitHub