Minhgalaxy

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine ADAudit Plus versions below 8511 **Description** The issue is related to SQL injection while exporting reports. **Recommendations** For versions below 8511, update to version 8511 or later to resolve the issue. As a temporary workaround, consider restricting report export functionality until a patch is available. Avoid using sensitive data in report exports to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine ADAudit Plus versions 8510 and prior **Description** The issue concerns an authenticated SQL injection in the logon events aggregate report. **Recommendations** For Zohocorp ManageEngine ADAudit Plus versions 8510 and prior, update to a version later than 8510 to resolve the issue. As a temporary workaround, consider restricting access to the logon events aggregate report until a patch is available.

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 Description: The issue is related to SQL Injection in the reports module of the software. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. Recommendations: For versions before 5715, update to a version 5715 or later to resolve the SQL Injection issue in the reports module. As a temporary workaround, consider restricting access to the reports module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine ADAudit Plus versions below 8000 **Description** The issue concerns an authenticated SQL injection in the reports module. **Recommendations** For versions below 8000, update to a version above 8000 to resolve the issue. As a temporary workaround, consider restricting access to the reports module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine ADAudit Plus versions below 8000 **Description** The issue concerns an authenticated SQL injection vulnerability in the aggregate reports option. This vulnerability can be exploited by authenticated users, potentially leading to unauthorized access or manipulation of data. **Recommendations** For versions below 8000, upgrade to version 8000 to remediate the issue. As a temporary workaround, consider restricting access to the aggregate reports option until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine ADAudit Plus versions below 8121 **Description** The issue concerns an authenticated SQL injection vulnerability in the account lockout report of Zohocorp ManageEngine ADAudit Plus. This vulnerability allows for malicious SQL code execution, potentially leading to unauthorized access or data manipulation. **Recommendations** For versions below 8121, upgrade to version 8121 to remediate the issue. As a temporary workaround, consider restricting access to the account lockout report feature until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine ADAudit Plus versions below 8000 **Description** The issue concerns an authenticated SQL injection vulnerability in the alerts module. This vulnerability affects versions of Zohocorp ManageEngine ADAudit Plus below 8000. **Recommendations** For versions below 8000, upgrade to version 8000 to remediate the issue. As a temporary workaround, consider restricting access to the alerts module until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine ADAudit Plus versions below 8000 **Description** The issue is related to an authenticated SQL injection in the dashboard of Zohocorp ManageEngine ADAudit Plus. This vulnerability is distinct from another issue affecting the same dashboard. **Recommendations** For versions below 8000, upgrade to version 8000 to remediate the issue. As a temporary workaround, consider restricting access to the dashboard to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine ADAudit Plus versions below 8000 **Description** The issue is related to an authenticated SQL injection in the dashboard of ADAudit Plus. This vulnerability is distinct from another issue affecting the same dashboard. **Recommendations** For versions below 8000, upgrade to version 8000 to resolve the issue. As a temporary workaround, consider restricting access to the dashboard to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine ADAudit Plus versions below 8000 **Description** The issue concerns an authenticated SQL injection vulnerability in the file summary option. This vulnerability affects Zohocorp ManageEngine ADAudit Plus. **Recommendations** Upgrade to version 8000 to remediate the issue. As a temporary workaround, consider restricting access to the file summary option until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine ADAudit Plus versions below 8121 **Description** The issue concerns an authenticated SQL injection vulnerability in the extranet lockouts report option. This vulnerability can be exploited by authenticated users, potentially leading to unauthorized access or data manipulation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions below 8121, upgrade to version 8121 to mitigate risks. As a temporary workaround, consider restricting access to the extranet lockouts report option until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine ADAudit Plus versions below 8003 **Description** The issue is related to an authenticated SQL Injection vulnerability in user session recording. **Recommendations** For Zohocorp ManageEngine ADAudit Plus versions below 8003, update to a version 8003 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine ADAudit Plus versions below 8003 **Description** The issue concerns an authenticated SQL Injection vulnerability in the aggregate reports' search option. This allows attackers to inject malicious SQL code, potentially leading to unauthorized access or data manipulation. **Recommendations** For Zohocorp ManageEngine ADAudit Plus versions below 8003, update to a version 8003 or later to resolve the issue. As a temporary workaround, consider restricting access to the aggregate reports' search option until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** ManageEngine Exchange Reporter Plus versions 5717 and below **Description** The issue is related to the lack of protection against SQL query structure attacks in the reports module of ManageEngine Exchange Reporter Plus. This can allow a remote attacker to execute arbitrary SQL queries to the database. The exploitation of this issue is possible through authenticated SQL injection in the reports module. **Recommendations** For versions 5717 and below, update to a version above 5717 to resolve the issue. As a temporary workaround, consider restricting access to the reports module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine ADAudit Plus versions below 7271 **Description** The issue allows SQL injection in the dashboard graph feature. This could potentially lead to remote attacks and data compromise. **Recommendations** For Zoho ManageEngine ADAudit Plus versions below 7271, upgrade the affected component immediately to resolve the issue. As a temporary workaround, consider restricting access to the dashboard graph feature until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine ADAudit Plus versions below 7271 **Description** The issue allows SQL Injection while exporting a full summary report. **Recommendations** For Zoho ManageEngine ADAudit Plus versions below 7271, update to version 7271 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine ADAudit Plus versions below 7271 **Description** The issue allows SQL injection while adding file shares. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Zoho ManageEngine ADAudit Plus versions below 7271, update to version 7271 or later to resolve the issue. As a temporary workaround, consider restricting access to the file share addition feature until a patch is available. Avoid using the feature that allows adding file shares in the affected versions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine ADAudit Plus versions below 7271 **Description** The issue allows SQL injection in the aggregate reports search option. This could potentially be exploited to extract or modify sensitive data. **Recommendations** For Zoho ManageEngine ADAudit Plus versions below 7271, update to version 7271 or later to resolve the issue. As a temporary workaround, consider restricting access to the aggregate reports search option until a patch is applied. Avoid using user-input data in the search option to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine ADAudit Plus versions below 7271 **Description** The issue allows SQL Injection while getting aggregate report data. **Recommendations** For Zoho ManageEngine ADAudit Plus versions below 7271, update to version 7271 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Exchange Reporter Plus versions 5714 and below **Description** The issue is related to an Authenticated SQL injection in the report exporting feature. **Recommendations** For Zoho ManageEngine Exchange Reporter Plus versions 5714 and below, update to a version above 5714 to resolve the issue. As a temporary workaround, consider restricting access to the report exporting feature until a patch is available.