Full title: ManageEngine ADSelfService Plus Authentication Bypass / Code Execution Exploit 
Category: remote exploits
Platform: php
This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service.

# 0day.today @ http://0day.today/