CVE-2024-6204

CWE-89SQL Injection3 documents3 sources
Severity
8.1HIGH
EPSS
0.3%
top 44.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Manageengine Exchange Reporter PlusZohocorp Manageengine Exchange Reporter Plus
Timeline
PublishedAug 30

Description

Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-v323-q9x3-gg6h: Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module2024-08-30
CVEList
SQL injection2024-08-30
CVE-2024-6204 (HIGH CVSS 8.1) | Zohocorp ManageEngine Exchange Repo | cvebase.io