SQL Injection in Manageengine Applications Manager
CVE-2024-5678
Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
Vulnerability class: SQL Injection
EPSS: 0.015 (81.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Manageengine Applications Manager — versions 0
Weakness classification (CWE)
Public proof-of-concept exploits
- 0x41424142/qualyspy
- Aleph-Alpha/support
- AlexielArdilla/El-libro-absurdamente-completo-del-Hacker-Etico
- BuildAndDestroy/ai-cve-mcp-server
- BuildAndDestroy/ai-cve-vector-data
- Cyber-Agents-Fleet/CVE-MCP-Server
- Dashrath158/CVE-Management-App-using-Flask
- Jhoel777ar/El-libro-absurdamente-completo-del-Hacker-Etico
- Kushalsharma0702/ThreatEye
- Sanjayharitas/Assignment
References
Frequently asked questions
- What is CVE-2024-5678?
- CVE-2024-5678 is a medium-severity vulnerability in Manageengine Applications Manager, classified under SQL Injection. CVSS score: 4.7/10. Published 2024-08-01.
- How severe is CVE-2024-5678?
- Medium severity. CVSS v3 base score is 4.7 out of 10.
- Is CVE-2024-5678 known to be exploited?
- 23 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.