CVE-2015-7766
N/A
N/A
Summary
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability
- http://www.rapid7.com/db/modules/exploit/windows/http/manage_engine_opmanager_rce
- http://seclists.org/fulldisclosure/2015/Sep/66
- http://packetstormsecurity.com/files/133596/ManageEngine-OpManager-Remote-Code-Execution.html
- https://www.exploit-db.com/exploits/38221/
References
- https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability
- http://www.rapid7.com/db/modules/exploit/windows/http/manage_engine_opmanager_rce
- http://seclists.org/fulldisclosure/2015/Sep/66
- http://packetstormsecurity.com/files/133596/ManageEngine-OpManager-Remote-Code-Execution.html
- https://www.exploit-db.com/exploits/38221/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.