Zoho ManageEngine OpManager 12.3 SQL Injection

Zoho ManageEngine OpManager version 12.3 before 123222 suffers from a remote SQL injection vulnerability.



I. VULNERABILITY
-------------------------
SQL Injection

II. CVE REFERENCE
-------------------------
CVE-2018-18949

III. VENDOR
-------------------------
https://www.manageengine.com

IV. TIMELINE
-------------------------
09/10/18 Vulnerability discovered
09/10/18 Vendor contacted
02/11/2018 OpManager replied that the issue was fixed

V. CREDIT
-------------------------
Hakan Bayir at Biznet Bilisim A.S.

VI. DESCRIPTION
-------------------------
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via
Mail Server settings.

VII. REMEDIATION
-------------------------
It is recommended to update to the latest version of OpManager. The
issue is fixed in the latest version, Build No. 123222.

