PT-2026-21502 · Manageengine · Zoho Manageengine Adselfservice Plus

Nguyen Dang Toan · Published 2026-02-23 · Updated 2026-02-28 · CVE-2026-1367

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

ManageEngine ADSelfService Plus versions 6522 and below

Description

ManageEngine ADSelfService Plus versions 6522 and below are susceptible to an authenticated SQL Injection issue in the search report option. An attacker with valid credentials can inject malicious SQL code into the search input, potentially compromising the underlying database. The vulnerability exists within the search report feature.

Recommendations

Versions prior to 6523 are affected.

Fix

SQL injection


Weakness Enumeration

Related identifiers

CVE-2026-1367

Affected products

Zoho Manageengine Adselfservice Plus