Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote malicious users to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
manageengine applications manager 10.0 |
||
manageengine applications manager 10.2 |
||
manageengine applications manager 10.1 |
||
manageengine applications manager 10.3 |
||
manageengine applications manager 9.5 |
||
manageengine applications manager 9.1 |
||
manageengine applications manager 9.2 |
||
manageengine applications manager 9.3 |
||
manageengine applications manager 9.4 |
Vulmon