Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Manageengine_opmanager | Zohocorp | * | 12.5 (excluding) |
Manageengine_opmanager | Zohocorp | 12.5 (including) | 12.5 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125000 (including) | 12.5-build125000 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125002 (including) | 12.5-build125002 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125100 (including) | 12.5-build125100 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125101 (including) | 12.5-build125101 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125102 (including) | 12.5-build125102 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125108 (including) | 12.5-build125108 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125110 (including) | 12.5-build125110 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125111 (including) | 12.5-build125111 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125112 (including) | 12.5-build125112 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125113 (including) | 12.5-build125113 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125114 (including) | 12.5-build125114 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125116 (including) | 12.5-build125116 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125117 (including) | 12.5-build125117 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125118 (including) | 12.5-build125118 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125120 (including) | 12.5-build125120 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125121 (including) | 12.5-build125121 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125123 (including) | 12.5-build125123 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125124 (including) | 12.5-build125124 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125125 (including) | 12.5-build125125 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125136 (including) | 12.5-build125136 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125137 (including) | 12.5-build125137 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125139 (including) | 12.5-build125139 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125140 (including) | 12.5-build125140 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125143 (including) | 12.5-build125143 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125144 (including) | 12.5-build125144 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125145 (including) | 12.5-build125145 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125156 (including) | 12.5-build125156 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125157 (including) | 12.5-build125157 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125158 (including) | 12.5-build125158 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125159 (including) | 12.5-build125159 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125161 (including) | 12.5-build125161 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125163 (including) | 12.5-build125163 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125174 (including) | 12.5-build125174 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125175 (including) | 12.5-build125175 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125176 (including) | 12.5-build125176 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125177 (including) | 12.5-build125177 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125178 (including) | 12.5-build125178 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125180 (including) | 12.5-build125180 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125181 (including) | 12.5-build125181 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125192 (including) | 12.5-build125192 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125193 (including) | 12.5-build125193 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125194 (including) | 12.5-build125194 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125195 (including) | 12.5-build125195 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125196 (including) | 12.5-build125196 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125197 (including) | 12.5-build125197 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125198 (including) | 12.5-build125198 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125201 (including) | 12.5-build125201 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125204 (including) | 12.5-build125204 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125212 (including) | 12.5-build125212 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125213 (including) | 12.5-build125213 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125214 (including) | 12.5-build125214 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125215 (including) | 12.5-build125215 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125216 (including) | 12.5-build125216 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125228 (including) | 12.5-build125228 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125229 (including) | 12.5-build125229 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125230 (including) | 12.5-build125230 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125231 (including) | 12.5-build125231 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125232 (including) | 12.5-build125232 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125233 (including) | 12.5-build125233 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125312 (including) | 12.5-build125312 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125323 (including) | 12.5-build125323 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125324 (including) | 12.5-build125324 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125326 (including) | 12.5-build125326 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125328 (including) | 12.5-build125328 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125329 (including) | 12.5-build125329 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125340 (including) | 12.5-build125340 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125341 (including) | 12.5-build125341 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125342 (including) | 12.5-build125342 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125343 (including) | 12.5-build125343 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125344 (including) | 12.5-build125344 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125346 (including) | 12.5-build125346 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125358 (including) | 12.5-build125358 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125359 (including) | 12.5-build125359 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125360 (including) | 12.5-build125360 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125361 (including) | 12.5-build125361 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125362 (including) | 12.5-build125362 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125364 (including) | 12.5-build125364 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125366 (including) | 12.5-build125366 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125367 (including) | 12.5-build125367 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125375 (including) | 12.5-build125375 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125376 (including) | 12.5-build125376 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125377 (including) | 12.5-build125377 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125378 (including) | 12.5-build125378 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125379 (including) | 12.5-build125379 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125380 (including) | 12.5-build125380 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125381 (including) | 12.5-build125381 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125382 (including) | 12.5-build125382 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125386 (including) | 12.5-build125386 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125392 (including) | 12.5-build125392 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125393 (including) | 12.5-build125393 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125394 (including) | 12.5-build125394 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125397 (including) | 12.5-build125397 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125398 (including) | 12.5-build125398 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125399 (including) | 12.5-build125399 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125405 (including) | 12.5-build125405 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125410 (including) | 12.5-build125410 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125411 (including) | 12.5-build125411 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125413 (including) | 12.5-build125413 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125414 (including) | 12.5-build125414 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125415 (including) | 12.5-build125415 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125416 (including) | 12.5-build125416 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125417 (including) | 12.5-build125417 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125420 (including) | 12.5-build125420 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125428 (including) | 12.5-build125428 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125430 (including) | 12.5-build125430 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125431 (including) | 12.5-build125431 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125432 (including) | 12.5-build125432 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125433 (including) | 12.5-build125433 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125434 (including) | 12.5-build125434 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125437 (including) | 12.5-build125437 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125446 (including) | 12.5-build125446 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125448 (including) | 12.5-build125448 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125450 (including) | 12.5-build125450 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125451 (including) | 12.5-build125451 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125452 (including) | 12.5-build125452 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125453 (including) | 12.5-build125453 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125455 (including) | 12.5-build125455 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125466 (including) | 12.5-build125466 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125467 (including) | 12.5-build125467 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125468 (including) | 12.5-build125468 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125469 (including) | 12.5-build125469 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125470 (including) | 12.5-build125470 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125482 (including) | 12.5-build125482 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125483 (including) | 12.5-build125483 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125485 (including) | 12.5-build125485 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125486 (including) | 12.5-build125486 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125487 (including) | 12.5-build125487 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125488 (including) | 12.5-build125488 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125489 (including) | 12.5-build125489 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125567 (including) | 12.5-build125567 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125568 (including) | 12.5-build125568 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125587 (including) | 12.5-build125587 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125588 (including) | 12.5-build125588 (including) |
Manageengine_opmanager | Zohocorp | 12.5-build125589 (including) | 12.5-build125589 (including) |
Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks, or to insert additional statements that modify the back-end database, possibly including execution of system commands. SQL injection has become a common issue with database-driven web sites. The flaw is easily detected, and easily exploited, and as such, any site or product package with even a minimal user base is likely to be subject to an attempted attack of this kind. This flaw depends on the fact that SQL makes no real distinction between the control and data planes.
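The control-plane/data-plane point above, shown as an added example (not code from OpManager or its vendor): a report query built by string concatenation beside the same query with a bound parameter and an allow-listed sort column. The `inventory` table, the function names and the sample input are hypothetical and constructed for illustration.

```python
import sqlite3

# Constructed sample data: a hypothetical inventory table, not OpManager's schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inventory (name TEXT, category TEXT, owner TEXT)")
    db.executemany("INSERT INTO inventory VALUES (?, ?, ?)", [
        ("core-sw-01", "switch", "netops"),
        ("edge-rt-01", "router", "netops"),
        ("hr-db-01", "server", "hr"),
    ])
    return db

def report_concatenated(db, category):
    # Weak form: the input is spliced into the SQL text, so the parser
    # treats any SQL syntax inside it as part of the command.
    sql = "SELECT name FROM inventory WHERE category = '" + category + "'"
    return [row[0] for row in db.execute(sql)]

# Identifiers (column names) cannot be bound as parameters, so they are
# selected from a fixed allow-list instead of being copied from input.
SORTABLE = {"name", "category"}

def report_bound(db, category, sort_by="name"):
    # Hardened form: the value is sent as a bound parameter and is only
    # ever compared as data; the sort column must be on the allow-list.
    if sort_by not in SORTABLE:
        raise ValueError("unsupported sort column")
    sql = f"SELECT name FROM inventory WHERE category = ? ORDER BY {sort_by}"
    return [row[0] for row in db.execute(sql, (category,))]

# Constructed input that contains SQL syntax.
CRAFTED = "switch' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # Concatenated: the filter is rewritten and every row comes back.
    print(report_concatenated(db, CRAFTED))
    # Bound: the whole string is compared to the column and matches nothing.
    print(report_bound(db, CRAFTED))
```

The allow-list matters because report features often let the user pick a sort or group column, and parameter binding alone does not cover identifiers.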