CVE-2014-8499 Information
Description
Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc.
Reference
http://osvdb.org/show/osvdb/114484
http://osvdb.org/show/osvdb/114485
http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Nov/18
http://www.exploit-db.com/exploits/35210
http://www.securityfocus.com/bid/71018
https://exchange.xforce.ibmcloud.com/vulnerabilities/98595
https://exchange.xforce.ibmcloud.com/vulnerabilities/98597
https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt