CVE-2018-18949 — SQL Injection in ManageEngine OpManager

CWE-89 — SQL Injection | 5 documents | 4 sources

Severity: 9.8 CRITICAL (NVD)
EPSS: 12.8% (top 5.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 5 | Latest update Dec 11

Description

Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (1 package)

NVD | zohocorp/manageengine_opmanager | 11.4, 11.5, 12.3 +2

Vulnerability Details (2)

GHSA | GHSA-4hp5-mf8r-q489: Zoho ManageEngine OpManager 12 | 2022-05-13
CVEList | CVE-2018-18949: Zoho ManageEngine OpManager 12 | 2018-11-05

Detection Rules (2)

Suricata | ET WEB_SPECIFIC_APPS Zoho ManageEngine OpManager addMailServerSettings SQL Injection (CVE-2018-18949) M1 | 2025-12-11
Suricata | ET WEB_SPECIFIC_APPS Zoho ManageEngine OpManager addMailServerSettings SQL Injection (CVE-2018-18949) M2 | 2025-12-11