CVE-2015-5459

SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*

Information

Published : 2015-07-08 08:59

Updated : 2016-12-07 10:16


NVD link : CVE-2015-5459

Mitre link : CVE-2015-5459


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

zohocorp

  • manageengine_password_manager_pro