ManageEngine ADAudit Plus | CVE-2023-50785

The vulnerability discovered in ADAudit Plus allows an attacker to perform arbitrary directory traversal, enabling them to list files and folders from any path. This exploit involves manipulating the request parameters in the “folderTree” endpoint. By sending a crafted POST request with a modified “id” parameter, an attacker can bypass path restrictions using URL encoding, such as ‘\..\..\..’. This vulnerability poses a significant risk as it allows authenticated attackers to obtain a file list from any directory. It could potentially lead to unauthorized access and information disclosure.

Discovered by Hazard Lab.