Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
2017-11-05T17:29:00.297
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 8.8 (HIGH)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | zohocorp | manageengine_applications_manager | 13.0 | Yes |