Zoho ManageEngine OpManager SQL Injection (CVE-2018-20173)

A SQL injection vulnerability exists in ManageEngine. This vulnerability is due to insufficient validation of parameters. Successful exploitation could lead to arbitrary SQL code execution...

CVE-2018-20173

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API...

CVE-2018-20173

Zoho ManageEngine OpManager 12.3 is vulnerable to SQL injection via the getGraphData API in versions before 123238. The root cause is insufficient validation of parameters in the getGraphData call, enabling attackers to manipulate SQL queries. Impact documented across sources includes potential a...

CVE-2018-20173

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API...

Zoho ManageEngine OpManager 12.3 SQL Injection Vulnerability

Zoho ManageEngine OpManager versions 12.3 before 123238 suffer from a remote SQL injection vulnerability in the getGraphData API. I. VULNERABILITY ------------------------- Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. II. CVE REFERENCE...