19 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. Las versiones 7270 e inferiores de ManageEngine ADAudit Plus son vulnerables a la inyección de SQL autenticado en File-Summary DrillDown. Este problema se solucionó y se publicó en la versión 7271. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. Las versiones 7270 e inferiores de ManageEngine ADAudit Plus son vulnerables a la inyección de SQL autenticado en Graph-Data doméstico. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 6%CPEs: 15EXPL: 0

Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. Zoho ManageEngine ADAudit Plus hasta 7250 permite la inyección SQL en la función de informe agregado. • https://manageengine.com https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 6%CPEs: 11EXPL: 0

Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. Zoho ManageEngine ADAudit Plus hasta 7250 es vulnerable a la inyección SQL en la opción de exportación de informes. • https://manageengine.com https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 2.7EPSS: 0%CPEs: 13EXPL: 0

Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal. Zoho ManageEngine ADAudit Plus anterior a 7270 permite a los usuarios administradores ver nombres de directorios arbitrarios mediante path traversal. • https://www.manageengine.com/products/active-directory-audit/cve-2023-50785.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •