Strike ID:
E19-7nvx1
CVSS:
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
0

Description

This strike exploits an SQL injection vulnerability in Zoho ManageEngine Applications Manager. The vulnerability is caused by insufficient validation of user input resourcetype on HTTP requests which are used to create SQL queries. Successful exploitation could allow an attacker abilities to execute SQL queries on the target server.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}