CVE-2014-7868
published 2014-12-04

Priority: P2 (67)
Severity: high (CVSS 2.0 base score 7.5)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: available
EPSS: 73.32% (99.4th percentile)
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet.

Affected

5 ranges

Vendor     Product                       Version range   Fixed in
zohocorp   manageengine_it360
zohocorp   manageengine_it360
zohocorp   manageengine_opmanager
zohocorp   manageengine_opmanager
zohocorp   manageengine_social_it_plus

Detection & IOCs (extracted from sources)

url: /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=[SQLi]
url: /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=aaa'%3bcreate+table+pulicia+(bolas+text)%3b--+
url: /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1337&query=[SQLi]
url: /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1337&query=create+table+panicia+(bolos+text)
path: /servlet/APMBVHandler
path: /servlet/DataComparisonServlet
command: OPM_BVNAME=aaa'%3bcreate+table+pulicia+(bolas+text)%3b--+
command: query=create+table+panicia+(bolos+text)
  • Monitor HTTP POST requests to /servlet/APMBVHandler with OPERATION_TYPE=Delete; inspect OPM_BVNAME parameter for SQL metacharacters (quotes, semicolons, comment sequences) indicative of blind SQL injection.
  • Monitor HTTP POST requests to /servlet/DataComparisonServlet with operation=compare; inspect the query parameter for raw SQL statements, as it runs the query directly against the database.
  • CVE-2014-7868 is unauthenticated on OpManager and Social IT Plus, but requires authentication on IT360 — correlate with session/auth context when triaging alerts on these endpoints.
  • The SQL injection via DataComparisonServlet executes the attacker-supplied query directly against the database, making it more severe than a typical blind SQLi; treat any hit on this endpoint as critical.
  • Affected versions span at least OpManager 11.3/11.4, IT360 10.3/10.4, and Social IT Plus 11.0; the exact lower bound is unknown ('at least the current versions').
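The two monitoring bullets above can be turned into a small log-scanning check. The following is an added example written for this entry, not code from the advisory or from ManageEngine: it parses combined-format web server log lines (the sample lines are constructed and reuse the IOC payloads listed above), matches the two servlet paths with their required operation parameter, and flags the injectable parameter (OPM_BVNAME or query) when it carries SQL metacharacters or DML/DDL keywords. The `WATCHED` table, the `SQL_META` pattern and the severity labels are the example's own choices.

```python
"""Flag requests to the two servlets named in CVE-2014-7868 whose injectable
parameter carries SQL metacharacters. Added example; log lines are constructed."""
import re
from urllib.parse import parse_qs, urlsplit

# endpoint -> (operation parameter, required value, injectable parameter)
# Values come from the IOC list for CVE-2014-7868.
WATCHED = {
    "/servlet/APMBVHandler": ("OPERATION_TYPE", "Delete", "OPM_BVNAME"),
    "/servlet/DataComparisonServlet": ("operation", "compare", "query"),
}

# Quotes, statement separators, comment openers and common SQL keywords
# (this keyword set is the example's assumption, not from the advisory).
SQL_META = re.compile(
    r"['\";]|--|/\*|\b(create|drop|insert|update|delete|union|select)\b", re.I)

# Apache/nginx "combined" format; only client, time, request line and status are used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def inspect_request(target):
    """Return a finding dict if the request target looks like CVE-2014-7868 abuse, else None."""
    parts = urlsplit(target)
    rule = WATCHED.get(parts.path)
    if rule is None:
        return None
    op_param, op_value, inj_param = rule
    qs = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes and maps '+' to space
    if qs.get(op_param, [None])[0] != op_value:
        return None  # right servlet, but not the vulnerable operation
    value = qs.get(inj_param, [""])[0]
    hit = SQL_META.search(value)
    if hit is None:
        return None
    return {
        "path": parts.path,
        "param": inj_param,
        "value": value,
        "match": hit.group(0),
        # DataComparisonServlet runs the supplied query directly, so rate it higher
        "severity": "critical" if parts.path.endswith("DataComparisonServlet") else "high",
    }


def scan_log(lines):
    """Run inspect_request over combined-format log lines; return the list of findings."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        finding = inspect_request(m.group("target"))
        if finding is not None:
            finding.update(ip=m.group("ip"), ts=m.group("ts"),
                           method=m.group("method"), status=int(m.group("status")))
            findings.append(finding)
    return findings


# Constructed sample log: one benign delete, the two IOC payloads, one unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - - [04/Dec/2014:10:00:01 +0000] "POST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=Core_BV HTTP/1.1" 200 512',
    '10.0.0.9 - - [04/Dec/2014:10:00:07 +0000] "POST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=aaa\'%3bcreate+table+pulicia+(bolas+text)%3b--+ HTTP/1.1" 200 512',
    '10.0.0.9 - - [04/Dec/2014:10:00:12 +0000] "GET /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1337&query=create+table+panicia+(bolos+text) HTTP/1.1" 200 88',
    '10.0.0.5 - - [04/Dec/2014:10:00:20 +0000] "GET /index.jsp HTTP/1.1" 200 3000',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['severity'].upper():8} {f['ip']} {f['method']} {f['path']} "
              f"{f['param']}={f['value']!r} (matched {f['match']!r})")
```

Access logs only record the URL query string, so parameters sent in a POST body never reach this check; for those, feed `inspect_request` a target rebuilt from a WAF or reverse-proxy capture of the body. On IT360 the servlets require authentication, so a hit there should also be joined against the session that issued it, as the triage bullet above notes.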