PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and previous versions allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zohocorp manageengine opmanager 11.6 |
||
zohocorp manageengine opmanager |