SQL Injection in Zohocorp Manageengine_it360
CVE-2014-7868
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME…
Vulnerability class: SQL Injection
EPSS: 0.657 (98.5th percentile) — read the EPSS interpretation.
Affected products
- Zohocorp Manageengine_it360 — versions 10.3.0, 10.4
- Zohocorp Manageengine_opmanager — versions 11.3, 11.4
- Zohocorp Manageengine_social_it_plus — versions 11.0
- N/a — versions n/a
Weakness classification (CWE)
References
- 71002 (Exploit, vdb-entry, x_refsource_BID)
- 20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 (mailing-list, Exploit, x_refsource_FULLDISC)
- cve@mitre.org (Exploit, x_refsource_MISC)
- 20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Patch)
- cve@mitre.org (Exploit, x_refsource_MISC)