Zoho ManageEngine Exchange Reporter Plus Vulnerable to Authenticated SQL Injection
CVE-2024-21775
8.8HIGH
What is CVE-2024-21775?
Zoho ManageEngine Exchange Reporter Plus versions up to 5714 are susceptible to an authenticated SQL injection vulnerability concerning its report exporting feature. This weakness could allow an attacker with valid credentials to exploit the system and execute arbitrary SQL commands. As a result, sensitive data may be exposed or manipulated, leading to potential data breaches and unauthorized access. It is crucial for users to apply necessary patches and updates to safeguard their systems against this type of attack.
Affected Version(s)
Exchange Reporter Plus Windows 0