ManageEngine ADAudit Plus Path Traversal / XML Injection

This Metasploit module exploits CVE-2022-28219, which is a pair of vulnerabilities in ManageEngine ADAudit Plus versions before build 7060. They include a path traversal in the /cewolf endpoint along with a blind XML external entity injection vulnerability to upload and execute a file.

adaudit plus injection manageengine manageengine adaudit plus path path traversal xml xml injection