CVE-2021-33256 - Zohocorp Manageengine Adselfservice Plus
Critical 8.8
A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Report" as CSV file.
Affected software
Zohocorp Manageengine Adselfservice Plus