What is CVE-2014-8499?

CVE-2014-8499 is a vulnerability in Manageengine Password_manager_pro, classified under SQL Injection. Published 2014-11-17.

Is CVE-2014-8499 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Manageengine Password_manager_pro

CVE-2014-8499

Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via…

Vulnerability class: SQL Injection

EPSS: 0.749 (98.9th percentile) — read the EPSS interpretation.

Affected products

Manageengine Password_manager_pro
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

pmp-cve20148499-sql-injection(98595) (vdb-entry, x_refsource_XF)
114485 (x_refsource_OSVDB, vdb-entry)
114484 (x_refsource_OSVDB, vdb-entry)
71018 (vdb-entry, x_refsource_BID)
passwordmanager-cve20148499-sql-injection(98597) (vdb-entry, x_refsource_XF)
cve@mitre.org (Exploit, x_refsource_MISC)
20141109 [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro (mailing-list, x_refsource_FULLDISC)
cve@mitre.org (Exploit, x_refsource_MISC)
35210 (Exploit, exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2014-8499?: CVE-2014-8499 is a vulnerability in Manageengine Password_manager_pro, classified under SQL Injection. Published 2014-11-17.
Is CVE-2014-8499 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.