CVE-2020-27995

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

35.9%

top 2.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Applications Manager

Timeline

PublishedOct 29

Latest updateMay 24

Description

SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_applications_manager14.0

🔴Vulnerability Details

GHSA

GHSA-5rjf-fvff-f8qg: SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage↗2022-05-24

▶

CVEList

CVE-2020-27995: SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage↗2020-10-29

▶