SQL Injection Vulnerability in ManageEngine Password Manager Pro
CVE-2014-8498

Currently unrated

Key Information:

Vendor: Zohocorp
Status: Manageengine Password Manager Pro
Vendor: CVE Published:; 17 November 2014

What is CVE-2014-8498?

A SQL injection vulnerability exists in ManageEngine Password Manager Pro (PMP) and its Managed Service Providers (MSP) edition prior to version 7.1 build 7105. This flaw enables remote authenticated users to execute arbitrary SQL commands through the SEARCH_ALL parameter, potentially compromising the integrity and confidentiality of the database. Attackers can manipulate SQL queries, gaining unauthorized access to sensitive data stored within the application.

References

http://www.securityfocus.com/bid/71016

vdb-entryx_refsource_BID

http://osvdb.org/show/osvdb/114483

vdb-entryx_refsource_OSVDB

http://packetstormsecurity.com/files/129036/Password-Mana...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2014
Vulnerability Reserved
Oct 28, 2014

Zohocorp

What is CVE-2014-8498?

References

Timeline