Published: 17/11/2014 Updated: 16/07/2019

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Subscribe to Manageengine Password Manager Pro

SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition prior to 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zohocorp manageengine password manager pro

>> Authenticated blind SQL injection in Password Manager Pro / Pro MSP >> Discovered by Pedro Ribeiro (pedrib@gmailcom), Agile Information Security ========================================================================== Disclosure: 08/11/2014 / Last updated: 08/11/2014 >> Background on the affected products: "Password Manager ...

Password Manager Pro versions prior to 71 build 7105 suffer from multiple remote SQL injection vulnerabilities ...

CWE-89 https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt http://www.securityfocus.com/bid/71016 http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html http://www.exploit-db.com/exploits/35210 http://seclists.org/fulldisclosure/2014/Nov/18 http://osvdb.org/show/osvdb/114483 https://exchange.xforce.ibmcloud.com/vulnerabilities/98596 https://nvd.nist.gov https://www.exploit-db.com/exploits/35210/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-8498

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect