Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1479

CWE-89SQL Injection4 documents4 sources
Severity
6.5MEDIUM
EPSS
10.6%
top 6.73%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Zohocorp Servicedesk Plus
Timeline
PublishedFeb 4
Latest updateMay 17

Description

SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-2rf7-3m77-hq9h: SQL injection vulnerability in reports/CreateReportTable2022-05-17
CVEList
CVE-2015-1479: SQL injection vulnerability in reports/CreateReportTable2015-02-04

💥Exploits & PoCs

1
Exploit-DB
ManageEngine ServiceDesk Plus 9.0 - SQL Injection2015-01-22
CVE-2015-1479 (MEDIUM CVSS 6.5) | SQL injection vulnerability in repo | cvebase.io