Zohocorp ADManager Plus vulnerable to SQL Injection
CVE-2024-48878

8.8HIGH

Key Information:

Vendor: Zohocorp
Status: Manageengine Admanager Plus
Vendor: CVE Published:; 4 November 2024

What is CVE-2024-48878?

ManageEngine ADManager Plus software, developed by Zohocorp, is susceptible to a SQL Injection vulnerability found in the Archived Audit Report feature. This issue affects all versions up to and including 7241, allowing attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data. The vulnerability underscores the importance of applying security patches and maintaining updated software to protect against data breaches and exploitation.

References

https://www.manageengine.com/products/ad-manager/admanage...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2024