## https://sploitus.com/exploit?id=SAINT:27C5127555C4E549C099885D4DCD41D9
Added: 02/17/2023
### Background
[Zoho ManageEngine ServiceDesk Plus](<https://www.manageengine.com/products/service-desk/>) is IT helpdesk software.
### Problem
A vulnerability in an outdated Apache Santuario library in ServiceDesk Plus allows a remote, unauthenticated attacker to execute arbitrary commands by sending a specially crafted `SAMLResponse` parameter to the SAML endpoint.
### Resolution
[Upgrade](<https://www.manageengine.com/products/service-desk/on-premises/migration-sequence.html>) to ServiceDesk Plus 14004 or higher.
### References
<https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html>
<https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/>
### Limitations
The target must have been configured with SAML-based SSO at least once in the past in order to be exploitable.
### Platforms
Windows