Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.
References
Configurations
Information
Published : 2017-11-16 09:29
Updated : 2018-08-06 18:29
NVD link : CVE-2017-16851
Mitre link : CVE-2017-16851
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
zohocorp
- manageengine_applications_manager