SQL Injection Vulnerability in ManageEngine Password Manager Pro by ManageEngine
CVE-2015-5459

Currently unrated

Key Information:

Vendor: Zohocorp
Status: Manageengine Password Manager Pro
Vendor: CVE Published:; 8 July 2015

What is CVE-2015-5459?

An SQL injection vulnerability exists in the AdvanceSearch.class of AdventNetPassTrix.jar within the ManageEngine Password Manager Pro. This flaw permits remote authenticated users to execute arbitrary SQL commands by manipulating the ANDOR parameter. Successful exploitation of this vulnerability could allow attackers to access sensitive data, modify database content, or perform unauthorized operations, highlighting the critical need for timely updates and secure coding practices.

References

https://www.manageengine.com/products/passwordmanagerpro/...

x_refsource_CONFIRM

http://packetstormsecurity.com/files/132511/ManageEngine-...

x_refsource_MISC

http://seclists.org/fulldisclosure/2015/Jun/104

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2015
Vulnerability Reserved
Jul 8, 2015

Zohocorp

What is CVE-2015-5459?

References

Timeline