SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  ManageEngine Applications Manager SQL Injection 3

Category: WEB-ATTACKS      

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11448


Relevant Information