SQL Injection in ZOHO ManageEngine OpManager, IT360, and Social IT Plus
CVE-2014-7868

Currently unrated

Key Information:

Vendor

Zohocorp
Status
Manageengine Social It Plus
Vendor
CVE Published:
4 December 2014

What is CVE-2014-7868?

Multiple SQL injection vulnerabilities were discovered in ZOHO's ManageEngine OpManager, IT360, and Social IT Plus. These vulnerabilities enable remote attackers or authenticated users to execute arbitrary SQL commands. Specifically, the vulnerabilities exist through the OPM_BVNAME parameter in a Delete operation directed at the APMBVHandler servlet, and a query parameter in a compare operation to the DataComparisonServlet. Exploitation of these vulnerabilities can lead to unauthorized access and manipulation of database content.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/71002
vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2014/Nov/21
mailing-listx_refsource_FULLDISC
https://raw.githubusercontent.com/pedrib/PoC/master/Manag...
x_refsource_MISC

EPSS Score

69% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.