Описание
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-35765
- https://www.manageengine.com
- https://www.manageengine.com/products/applications_manager/issues.html#v15000
- https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-35765.html
- https://www.tenable.com/security/research/tra-2021-02
Связанные уязвимости
CVSS3: 8.8
nvd
около 5 лет назад
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.