CVE-2024-9459

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.7%
top 27.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Manageengine Exchange Reporter PlusZohocorp Manageengine Exchange Reporter Plus
Timeline
PublishedNov 5

Description

Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SQL Injection2024-11-05
GHSA
GHSA-4p4c-mrm8-gxcm: Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module2024-11-05
CVE-2024-9459 (HIGH CVSS 8.8) | Zohocorp ManageEngine Exchange Repo | cvebase.io