Zoho ManageEngine ADAudit Plus Vulnerability: SQL Injection Risk
CVE-2023-49330
8.3HIGH
Summary
A SQL Injection vulnerability exists in Zoho ManageEngine ADAudit Plus versions prior to 7271. This vulnerability allows attackers to exploit the application by executing arbitrary SQL queries through manipulated input, potentially leading to unauthorized access to sensitive information, including aggregate report data. Organizations utilizing affected versions should prioritize applying the latest updates to mitigate the risk associated with this security issue.
Affected Version(s)
ADAudit Plus 0 < 7271
References
CVSS V3.1
Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved