Blind SQL Injection Vulnerability in Zoho ManageEngine ADAudit Plus
CVE-2018-10466

9.8CRITICAL

Key Information:

Vendor: Zohocorp
Status: Manageengine Adaudit Plus
Vendor: CVE Published:; 29 May 2018

What is CVE-2018-10466?

A vulnerability exists in Zoho's ManageEngine ADAudit Plus prior to version 5.0.0 build 5100 that allows for blind SQL injection attacks. This weakness could enable an unauthorized user to execute arbitrary SQL commands, potentially compromising sensitive data and impacting the integrity of the database. This flaw highlights the critical need for robust validation and sanitization of user inputs to prevent exploitation by malicious actors.

References

https://www.manageengine.com/products/active-directory-au...

x_refsource_CONFIRM

https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-10466

x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2018
Vulnerability Reserved
Apr 26, 2018

Zohocorp

What is CVE-2018-10466?

References

EPSS Score

CVSS V3.1

Timeline