CVE-2015-7766 Information

Feb 14, 2021 cve

Description

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6 11.5 and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery as demonstrated by \INSERT/**/INTO.\

Reference

http://packetstormsecurity.com/files/133596/ManageEngine-OpManager-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2015/Sep/66 http://www.rapid7.com/db/modules/exploit/windows/http/manage_engine_opmanager_rce https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability https://www.exploit-db.com/exploits/38221/

Share on: