2 matches found
ManageEngine OpManager 'probeName' SQL Injection Vulnerability
The remote host is running a version of ManageEngine OpManager that is affected by a SQL injection vulnerability due to a failure to validate the 'probeName' parameter of the UpdateProbeUpgradeStatus servlet. A remote, unauthenticated attacker can exploit this to modify the application's database...
CVE-2014-7867
The CVE-2014-7867 entry describes a SQL injection in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet used by ManageEngine OpManager (versions 11.3/11.4), IT360 (10.3/10.4), and Social IT Plus (11.0). The vulnerability stems from insufficient validation of the probeName par...