ManageEngine ADAudit Plus < Build 8000 Multiple Vulnerabilities

The version of ManageEngine ADAudit Plus installed on the remote host is prior to build 8000. It is, therefore, affected by multiple vulnerabilities. - Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module. CVE-2024-5556 -...

CVE-2024-5556

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module...

CVE-2024-5556

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module...

CVE-2024-5556 SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module...

CVE-2024-5556 SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module...

CVE-2024-5556

Summary: CVE-2024-5556 affects Zohocorp ManageEngine ADAudit Plus versions below 8000. The vulnerability is an authenticated SQL injection in the reports module . Affected component/versions: ADAudit Plus

The vulnerability of the Reports module of the monitoring, analysis, and reporting software ManageEngine Exchange Reporter Plus allows a hacker to execute arbitrary SQL queries against the database.

The vulnerability of the Reports module in the ManageEngine Exchange Reporter Plus software for monitoring, analysis, and report generation is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL...

CVE-2024-38871

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module...

CVE-2024-38871 SQL Injection

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module...

CVE-2024-38870

Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to Stored XSS vulnerability in reports module...

CVE-2024-38870

CVE-2024-38870 affects Zohocorp ManageEngine OpManager family. According to provided documents, a Stored XSS vulnerability exists in the reports module for: OpManager, OpManager Plus, OpManager MSP, and OpManager Enterprise Edition with affected version ranges: before 128104, from 128151 before 1...

CVE-2024-38870 Stored XSS

Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to Stored XSS vulnerability in reports module...

PT-2024-5582 · Manageengine · Zoho Manageengine Exchange Reporter Plus

Name of the Vulnerable Software and Affected Versions: ManageEngine Exchange Reporter Plus versions 5717 and below Description: The issue is related to the lack of protection against SQL query structure attacks in the reports module of ManageEngine Exchange Reporter Plus. This can allow a remote...

PT-2024-40086 · Packagist · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue concerns the reports CMS section, where it only checks the canView function when listing reports that can be viewed by the current user. However, it does not perform this chec...

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The program provides a variety of payment methods, SMS alerts and product image zoom and other features. A security vulnerability exists in PrestaShop Sales Reports, Statistics, Custom Fields & Export...

VulnCheck KEV: CVE-2018-20470

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal arbitrary file access vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files...

CVE-2023-24685

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module...

Zoho ManageEngine SQL Injection (CVE-2022-27908)

A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the Inventory Reports module...

silverstripe-advancedreports vulnerable to XSS

silverstripe-advancedreports aka the Advanced Reports module for SilverStripe 1.0 through 2.0 is vulnerable to Cross-Site Scripting XSS because it is possible to inject and store malicious JavaScript code. The affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item ak...

CVE-2022-23940

SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the emailrecipients property. By using a crafted request, they can create a malicious report, containin...