Strike ID:
E19-7nvx1
CVSS:
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
0

Description

This strike exploits an SQL injection vulnerability in Zoho ManageEngine Applications Manager. The vulnerability is caused by insufficient validation of user input resourcetype on HTTP requests which are used to create SQL queries. Successful exploitation could allow an attacker abilities to execute SQL queries on the target server.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-%7B2019-11469%7D

References

https://support.ixiacom.com/%7B%7D

MSB

https://technet.microsoft.com/en-us/library/security/MS{}

BID

http://www.securityfocus.com/bid/{}

ExploitDB

http://www.exploit-db.com/exploits/{46740}

Secunia

http://secunia.com/advisories/{}

Security Tracker

http://securitytracker.com/id?%7B%7D

Metasploit

https://github.com/rapid7/metasploit-framework/blob/master/modules/{}

ZDI

http://www.zerodayinitiative.com/advisories/ZDI-{}

Google

https://code.google.com/p/google-security-research/issues/detail?id=%7B%7D

OSVDB

{}