ManageEngine OpManager SetManaged API SQL Injection

Strike ID: E18-5n7n1
CVSS: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
False Positive: f
Variants: 2
Year: 2018

Description

This strike exploits a blind SQL injection vulnerability in ManageEngine's OpManager application. The vulnerability is present in an API parameter for managing devices and results from insufficient sanitization of user input. An attacker may be able to read arbitrary database records or even access system files, depending on the database's configuration.

CVE

References