PT-2018-13963 · Zoho · Zoho Manageengine Opmanager

Published

2018-09-20

·

Updated

2018-12-03

·

CVE-2018-17243

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Zoho ManageEngine OpManager versions prior to 12.3 123205
Description The issue allows for SQL Injection in the Global Search feature.
Recommendations For versions prior to 12.3 123205, update to version 12.3 123205 or later to resolve the issue.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-17243

Affected Products

Zoho Manageengine Opmanager