Full title: ManageEngine ServiceDesk Plus Remote Code Execution Exploit 
Category: web applications
Platform: java
This Metasploit module exploits CVE-2021-44077, an unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk Plus, to upload an EXE (msiexec.exe) and execute it as the SYSTEM account. Note that build 11305 is vulnerable to the authentication bypass but not the file upload. The module will check for an exploitable build.

# 0day.today @ http://0day.today/