Zoho ManageEngine OpManager version 12.3 before 123222 suffers from a remote SQL injection vulnerability.
3eadb0f19575b409b6236dcffcdd9b05
I. VULNERABILITY
-------------------------
SQL Injection
II. CVE REFERENCE
-------------------------
CVE-2018-18949
III. VENDOR
-------------------------
https://www.manageengine.com
IV. TIMELINE
-------------------------
09/10/18 Vulnerability discovered
09/10/18 Vendor contacted
02/11/2018 OPManager replay that they fixed
V. CREDIT
-------------------------
Hakan Bayir at Biznet Bilisim A.S.
VI. DESCRIPTION
-------------------------
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via
Mail Server settings.
VII. Remediation
-------------------------
Its recommended to update latest version of OPManager. Its fixed in
latest version and Build No - 123222.