SQL Injection in Zohocorp Manageengine_password_manager_pro

CVE-2014-8498

SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary…

Vulnerability class: SQL Injection

EPSS: 0.046 (89.4th percentile) — read the EPSS interpretation.

Affected products

Zohocorp Manageengine_password_manager_pro
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

71016 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
114483 (x_refsource_OSVDB, vdb-entry, Broken Link)
cve@mitre.org (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)
20141109 [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro (mailing-list, Exploit, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
cve@mitre.org (Exploit, x_refsource_MISC)
passwordmanager-cve20148498-sql-injection(98596) (VDB Entry, vdb-entry, x_refsource_XF)
35210 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)