CVE-2017-16847
https://notcve.org/view.php?id=CVE-2017-16847
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. Zoho ManageEngine Applications Manager 13 antes de la build 13530 permite una inyección SQL mediante el parámetro resourceid en /showresource.do en una acción showPlasmaView. • http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16847.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-16846
https://notcve.org/view.php?id=CVE-2017-16846
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. Zoho ManageEngine Applications Manager 13 antes de la build 13530 permite una inyección SQL mediante el parámetro haid en /manageApplications.do?method=AddSubGroup. • http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16846.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-16848
https://notcve.org/view.php?id=CVE-2017-16848
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. Zoho ManageEngine Applications Manager 13 permite inyección SQL mediante el parámetro groupname en /manageConfMons.do. • http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-16850
https://notcve.org/view.php?id=CVE-2017-16850
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. Zoho ManageEngine Applications Manager 13 antes de la build 13530 permite una inyección SQL mediante el parámetro resourceid en /showresource.do en una acción getResourceProfiles. • http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16850.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-16543 – ManageEngine Applications Manager 13 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-16543
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. Zoho ManageEngine Applications Manager versión 13 anterior a build 13500, permite la inyección SQL por medio del archivo GraphicalView.do, como es demostrado por un campo creado yCanvas de ViewProps o un parámetro viewid. Zoho ManageEngine Applications Manager version 13 suffers from multiple post-authentication remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/43129 http://code610.blogspot.com/2017/11/sql-injection-in-manageengine.html https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16543.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •