CVE Vulnerabilities

CVE-2015-7766

Published: Oct 09, 2015 | Modified: Oct 09, 2015
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9 HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by INSERT/**/INTO.

Affected Software

Name Vendor Start Version End Version
Manageengine_opmanager Zohocorp * 11.5 (including)
Manageengine_opmanager Zohocorp 11.6 (including) 11.6 (including)

References