Zoho ManageEngine Applications Manager '/auditLogAction.do' Module SQL Injection Vulnerability

Zoho ManageEngine Applications Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
An attacker may leverage this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
ManageEngine Applications Manager 13.1 Build 13100 is vulnerable; other versions may also be affected.


Bugtraq ID: 108470
Class: Input Validation Error
CVE: CVE-2017-11738

Remote: Yes
Local: No
Published: Aug 09 2019 12:00AM
Updated: Aug 09 2019 12:00AM
Credit: Elvin Hayes Gentiles of Trustwave SpiderLabs
Vulnerable: Zoho ManageEngine Applications Manager 13.1 Build 13100

Not Vulnerable:


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Related Posts