CVE-2015-1479

Опубликовано: 04 фев. 2015

Источник: nvd

CVSS2: 6.5

EPSS Средний

Описание

SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.

Ссылки

http://packetstormsecurity.com/files/130079/ManageEngine-ServiceDesk-9.0-SQL-Injection.html
Exploit
http://www.exploit-db.com/exploits/35890
Exploit
http://www.manageengine.com/products/service-desk/readme-9.0.html
Vendor Advisory
http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-sql-injection-vulnerability
Exploit
http://www.securityfocus.com/bid/72299
Exploit
http://packetstormsecurity.com/files/130079/ManageEngine-ServiceDesk-9.0-SQL-Injection.html
Exploit
http://www.exploit-db.com/exploits/35890
Exploit
http://www.manageengine.com/products/service-desk/readme-9.0.html
Vendor Advisory
http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-sql-injection-vulnerability
Exploit
http://www.securityfocus.com/bid/72299
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zohocorp:servicedesk_plus:*:*:*:*:*:*:*:*

Версия до 9.0 (включая)

EPSS

Процентиль: 93%

0.10556

Средний

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-2rf7-3m77-hq9h

github

больше 3 лет назад