CVE-2024-5608 — SQL Injection in Adaudit Plus

CWE-89 — SQL Injection3 documents3 sources

Severity

8.1HIGHNVD

CNA8.3

EPSS

0.3%

top 49.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Adaudit Plus Zohocorp Manageengine Adaudit Plus

Timeline

PublishedOct 24

Description

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶NVDzohocorp/manageengine_adaudit_plus< 8.1+1

▶CVEListV5manageengine/adaudit_plus< 8121

🔴Vulnerability Details

CVEList

SQL Injection↗2024-10-24

▶

GHSA

GHSA-9pvp-765c-8gcx: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature↗2024-10-24

▶