CVE-2020-15394

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

31.4%

top 3.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Applications Manager

Timeline

PublishedSep 25

Latest updateMay 24

Description

The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_applications_manager< 14.0+1

🔴Vulnerability Details

GHSA

GHSA-cqhq-p5mr-mqvp: The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Re↗2022-05-24

▶

CVEList

CVE-2020-15394: The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Re↗2020-09-25

▶