Lucene search

[email protected]CVE-2015-1479

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2015-1479

2022-10-0316:15:52

CWE-89

[email protected]

web.nvd.nist.gov

cve-2015-1479

sql injection

zoho manageengine

servicedesk plus

nvd

vulnerability

8.1 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.4%

JSON

SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.

Affected configurations

NVD

Node

zohocorpservicedesk_plusRange≤9.0

CPENameOperatorVersion
zohocorp:servicedesk_pluszohocorp servicedesk plusle9.0

CPE	Name	Operator	Version
zohocorp:servicedesk_plus	zohocorp servicedesk plus	le	9.0

References

packetstormsecurity.com/files/130079/ManageEngine-ServiceDesk-9.0-SQL-Injection.html

www.exploit-db.com/exploits/35890

www.manageengine.com/products/service-desk/readme-9.0.html

www.rewterz.com/vulnerabilities/manageengine-servicedesk-sql-injection-vulnerability

www.securityfocus.com/bid/72299

8.1 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.4%

JSON

Related for CVE-2015-1479

nvd1 cvelist1 prion1 openvas1