SQL Injection Vulnerability in ManageEngine Password Manager Pro and IT360
CVE-2014-3997

Currently unrated

Key Information:

Vendor

Zohocorp
Status
Manageengine Password Manager Pro
Vendor
CVE Published:
5 December 2014

What is CVE-2014-3997?

An SQL injection vulnerability exists in the MetadataServlet servlet of ManageEngine Password Manager Pro and IT360, which could allow remote attackers or authenticated users to execute arbitrary SQL commands. The exploitation occurs via the 'sv' parameter within the MetadataServlet.dat endpoint. This vulnerability affects multiple versions of Password Manager Pro and IT360, highlighting the need for immediate attention and patching to secure sensitive data from unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://seclists.org/fulldisclosure/2014/Aug/55
mailing-listx_refsource_FULLDISC
https://raw.githubusercontent.com/pedrib/PoC/master/Manag...
x_refsource_MISC
https://raw.githubusercontent.com/pedrib/PoC/master/msf_m...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.