Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function.
CPE | Name | Operator | Version |
---|---|---|---|
manageengine_applications_manager | lt | 13.7 |