Full title: ManageEngine ADAudit Plus Path Traversal / XML Injection Exploit 
Category: remote exploits
Platform: windows
This Metasploit module exploits CVE-2022-28219, which is a pair of vulnerabilities in ManageEngine ADAudit Plus versions before build 7060. They include a path traversal in the /cewolf endpoint along with a blind XML external entity injection vulnerability to upload and execute a file.

# 0day.today @ http://0day.today/