CVE-2019-11469

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Applications Manager versions 12 through 14

Description The issue allows for SQL injection via the FaultTemplateOptions.jsp resourceid. This can be exploited by an unauthenticated user to gain SYSTEM authority on the server. The exploitation involves uploading a malicious file using the "Execute Program Action(s)" feature.

Recommendations For versions 12 through 14, update to a version that contains a fix for this issue to prevent SQL injection and unauthorized access. As a temporary workaround, consider restricting access to the "Execute Program Action(s)" feature to minimize the risk of exploitation.