Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.
References
Configurations
History
No history.
Information
Published : 2017-11-16 17:29
Updated : 2024-02-04 19:29
NVD link : CVE-2017-16847
Mitre link : CVE-2017-16847
CVE.ORG link : CVE-2017-16847
JSON object : View
Products Affected
zohocorp
- manageengine_applications_manager
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')