CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49332
https://notcve.org/view.php?id=CVE-2023-49332
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares. Las versiones de Zoho ManageEngine ADAudit Plus inferiores a 7271 permiten la inyección de SQL al agregar archivos compartidos. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49331
https://notcve.org/view.php?id=CVE-2023-49331
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option. Las versiones de Zoho ManageEngine ADAudit Plus inferiores a 7271 permiten la inyección de SQL en la opción de búsqueda de informes agregados. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49330
https://notcve.org/view.php?id=CVE-2023-49330
20 May 2024 — Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data. Las versiones de Zoho ManageEngine ADAudit Plus inferiores a 7271 permiten la inyección de SQL mientras obtienen datos de informes agregados. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2049
https://notcve.org/view.php?id=CVE-2010-2049
25 May 2010 — Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en jsp/audit/reports/ExportReport.jsp de ManageEngine ADAudit Plus v4.0.0 build 4043 permite a atacantes remotos ... • http://osvdb.org/64726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •