Vulnerability in N/a

CVE-2019-19649

Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.

EPSS: 0.504 (97.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

References

www.manageengine.com/products/applications_manager/release-notes.html (x_refsource_CONFIRM)
gitlab.com/eLeN3Re/CVE-2019-19649 (x_refsource_MISC)