CVE-2024-0269

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGH

EPSS

0.7%

top 28.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Adaudit Plus Zohocorp Manageengine Adaudit Plus

Timeline

PublishedFeb 2

Description

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages2 packages

▶CVEListV5manageengine/adaudit_plus< 7270

▶NVDzohocorp/manageengine_adaudit_plus< 7.2+1

🔴Vulnerability Details

GHSA

GHSA-3rpv-j58g-7jfj: ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown↗2024-02-02

▶

CVEList

SQL Injection↗2024-02-02

▶