SQL Injection Vulnerability in ManageEngine Password Manager Pro by ManageEngine
CVE-2015-5459

Currently unrated

Key Information:

Vendor

Zohocorp
Status
Manageengine Password Manager Pro
Vendor
CVE Published:
8 July 2015

What is CVE-2015-5459?

An SQL injection vulnerability exists in the AdvanceSearch.class of AdventNetPassTrix.jar within the ManageEngine Password Manager Pro. This flaw permits remote authenticated users to execute arbitrary SQL commands by manipulating the ANDOR parameter. Successful exploitation of this vulnerability could allow attackers to access sensitive data, modify database content, or perform unauthorized operations, highlighting the critical need for timely updates and secure coding practices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.manageengine.com/products/passwordmanagerpro/...
x_refsource_CONFIRM
http://packetstormsecurity.com/files/132511/ManageEngine-...
x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Jun/104
mailing-listx_refsource_FULLDISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.