What is CVE-2015-5459?

CVE-2015-5459 is a vulnerability in Zohocorp Manageengine_password_manager_pro, classified under SQL Injection. Published 2015-07-08.

Is CVE-2015-5459 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Zohocorp Manageengine_password_manager_pro

CVE-2015-5459

SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, a…

Vulnerability class: SQL Injection

EPSS: 0.008 (75.1th percentile) — read the EPSS interpretation.

Affected products

Zohocorp Manageengine_password_manager_pro
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
cve@mitre.org (Exploit, x_refsource_MISC)
20150630 ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability (mailing-list, Exploit, x_refsource_FULLDISC)
75692 (vdb-entry, x_refsource_BID)
20150703 Re: [##2255763##] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2015-5459?: CVE-2015-5459 is a vulnerability in Zohocorp Manageengine_password_manager_pro, classified under SQL Injection. Published 2015-07-08.
Is CVE-2015-5459 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.