What is CVE-2015-7766?

CVE-2015-7766 is a vulnerability in Zohocorp Manageengine_opmanager, classified under CWE-264. Published 2015-10-09.

Is CVE-2015-7766 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Zohocorp Manageengine_opmanager

CVE-2015-7766

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."

EPSS: 0.775 (99.0th percentile) — read the EPSS interpretation.

Affected products

Zohocorp Manageengine_opmanager — versions 11.6
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (Exploit, x_refsource_MISC)
20150915 ManageEngine OpManager multiple vulnerabilities (mailing-list, x_refsource_FULLDISC)
cve@mitre.org (Exploit, x_refsource_MISC)
38221 (Exploit, exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2015-7766?: CVE-2015-7766 is a vulnerability in Zohocorp Manageengine_opmanager, classified under CWE-264. Published 2015-10-09.
Is CVE-2015-7766 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.