exploitDog

GHSA-8r27-47c2-gr4x

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc.

SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc.

Ссылки

EPSS

Процентиль: 74%

0.00837

Низкий

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2015-5459

nvd

больше 10 лет назад

SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc.

EPSS

Процентиль: 74%

0.00837

Низкий

CVE ID

Дефекты

CWE-89