3 matches found
CVE-2014-8498
CVE-2014-8498 concerns ManageEngine Password Manager Pro (PMP) and PMP MSP before 7.1 build 7105. Affected component: BulkEditSearchResult.cc; vulnerability: SQL injection via the SEARCH_ALL parameter. Condition: authenticated user can trigger remote SQL commands, with evidence of blind SQL injec...
Password Manager Pro / Pro MSP - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Authenticated blind SQL injection in Password Manager Pro / Pro MSP Discovered by Pedro Ribeiro email protected, Agile Information Security ========================================================================== Disclosure: 08/11/2014 / Las...
Password Manager Pro SQL Injection
Hi, This is part 7 of the ManageOwnage series. For previous parts, see 1. Today we have a blind SQL injection in Password Manager Pro PMP that can be abused to escalate privileges for a low privileged user like a guest to the "super administrator". Using our new powers we can then dump the whole...