PT-2026-21502 · Manageengine · Zoho Manageengine Adselfservice Plus

Nguyen Dang Toan

Published

2026-02-23

Updated

2026-02-28

CVE-2026-1367

CVSS v3.1

8.3

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions ManageEngine ADSelfService Plus versions 6522 and below

Description ManageEngine ADSelfService Plus versions 6522 and below are susceptible to an authenticated SQL Injection issue in the search report option. An attacker with valid credentials can inject malicious SQL code into the search input, potentially compromising the underlying database. The vulnerability exists within the search report feature.

Recommendations Versions prior to 6523 are affected.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2026-1367

Affected Products

Zoho Manageengine Adselfservice Plus

PT-2026-21502 · Manageengine · Zoho Manageengine Adselfservice Plus

CVE-2026-1367

Weakness Enumeration

Related Identifiers

Affected Products

References · 9