Vulnerability Details CVE-2018-15168
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/x-f1v3/ForCve/issues/2
- https://www.manageengine.com/products/applications_manager/issues.html
- https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15168.html
- https://github.com/x-f1v3/ForCve/issues/2
- https://www.manageengine.com/products/applications_manager/issues.html
- https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15168.html
Products affected by CVE-2018-15168
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:11.0
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:11.1
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:11.2
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:11.3
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:11.4
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:11.5
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:11.6
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:11.7
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:11.8
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:11.9
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:12.1
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:12.2
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:12.3
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:12.4
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:12.5
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:12.6
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:12.7
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:12.8
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:12.9
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:13
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.1
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.2
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.3
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.4
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.5
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.6
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.7
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.8
-
cpe:2.3:a:zohocorp:manageengine_applications_manager:13.9