CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3835 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-3835
09 Jun 2025 — Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. Las versiones 5721 y anteriores de Zohocorp ManageEngine Exchange Reporter Plus son vulnerables a la ejecución remota de código en el módulo de búsqueda de contenido. Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. • https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-3835.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9459 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-9459
05 Nov 2024 — Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module. Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module. • https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-9459.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 0CVE-2024-38872 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-38872
26 Jul 2024 — Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. • https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-38872.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 0CVE-2024-38871 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-38871
26 Jul 2024 — Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. • https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-38871.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21775 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-21775
16 Feb 2024 — Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature. Zoho ManageEngine Exchange Reporter Plus versiones 5714 y siguientes son vulnerables a la inyección de SQL autenticado en la función de exportación de informes. Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature. • https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-21775.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •