SQL Injection Vulnerabilities in ManageEngine Applications Manager by Zoho Corporation
CVE-2012-1063
Currently unrated
Summary
Multiple SQL injection vulnerabilities exist in ManageEngine Applications Manager versions 9.x and 10.x, enabling remote attackers to manipulate database commands. These vulnerabilities stem from insufficient validation of user inputs, specifically the viewId parameter in fault/AlarmView.do and the period parameter in showHistoryData.do. Exploiting these weaknesses could give unauthorized users the ability to execute arbitrary SQL commands, potentially compromising the integrity and confidentiality of the database.