CVE-2024-36034

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGH
EPSS
1.2%
top 20.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zohocorp Manageengine Adaudit PlusManageengine Adaudit Plus
Timeline
PublishedAug 12

Description

Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SQL Injection2024-08-12
GHSA
GHSA-mp7v-r97w-f9j9: Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option2024-08-12
CVE-2024-36034 (HIGH CVSS 8.8) | Zohocorp ManageEngine ADAudit Plus | cvebase.io