SQL Injection Flaw in ManageEngine OpUtils 5.0
CVE-2010-1044

Currently unrated

Key Information:

Vendor: Manageengine
Status: Oputils
Vendor: CVE Published:; 23 March 2010

Summary

The SQL injection vulnerability in ManageEngine OpUtils 5.0 exists in the Login.do file, where improper validation of the isHttpPort parameter allows remote attackers to inject and execute arbitrary SQL commands. This flaw could potentially lead to unauthorized data access and manipulation, increasing the risk of larger security breaches.

References

http://www.exploit-db.com/exploits/11330

exploitx_refsource_EXPLOIT-DB

https://exchange.xforce.ibmcloud.com/vulnerabilities/56102

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/38082

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 23, 2010
Vulnerability Reserved
Mar 22, 2010