CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-7766

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.775

EPSS Ranking 98.9%

CVSS Severity

CVSS v2 Score 9.0

References

http://packetstormsecurity.com/files/133596/ManageEngine-OpManager-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2015/Sep/66
http://www.rapid7.com/db/modules/exploit/windows/http/manage_engine_opmanager_rce
https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability
https://www.exploit-db.com/exploits/38221/
http://packetstormsecurity.com/files/133596/ManageEngine-OpManager-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2015/Sep/66
http://www.rapid7.com/db/modules/exploit/windows/http/manage_engine_opmanager_rce
https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability
https://www.exploit-db.com/exploits/38221/

Products affected by CVE-2015-7766

Zohocorp » Manageengine Opmanager » Version: N/A

cpe:2.3:a:zohocorp:manageengine_opmanager:-
Zohocorp » Manageengine Opmanager » Version: 11.4

cpe:2.3:a:zohocorp:manageengine_opmanager:11.4
Zohocorp » Manageengine Opmanager » Version: 11.5

cpe:2.3:a:zohocorp:manageengine_opmanager:11.5
Zohocorp » Manageengine Opmanager » Version: 11.6

cpe:2.3:a:zohocorp:manageengine_opmanager:11.6
Zohocorp » Manageengine Opmanager » Version: 8

cpe:2.3:a:zohocorp:manageengine_opmanager:8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-7766

Products

Pricing

Contact Us