Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-3996SQL Injection in Desktop Central

CWE-89SQL Injection4 documents4 sources
Severity
7.5HIGHNVD
EPSS
71.2%
top 1.29%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Manageengine Desktop CentralManageengine It360Manageengine Password Manager PRO
Timeline
PublishedDec 5
Latest updateMay 17

Description

SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

NVDmanageengine/it36010.3.3

🔴Vulnerability Details

2
GHSA
GHSA-9fcv-4956-x8m5: SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MS2022-05-17
CVEList
CVE-2014-3996: SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MS2014-12-05

💥Exploits & PoCs

1
Exploit-DB
ManageEngine Password Manager - MetadataServlet.dat SQL Injection (Metasploit)2014-08-25
CVE-2014-3996 — SQL Injection in Desktop Central | cvebase