CVE-2024-0269 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-0269
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. Las versiones 7270 e inferiores de ManageEngine ADAudit Plus son vulnerables a la inyección de SQL autenticado en File-Summary DrillDown. Este problema se solucionó y se publicó en la versión 7271. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-0253 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-0253
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. Las versiones 7270 e inferiores de ManageEngine ADAudit Plus son vulnerables a la inyección de SQL autenticado en Graph-Data doméstico. • https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-48793
https://notcve.org/view.php?id=CVE-2023-48793
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. Zoho ManageEngine ADAudit Plus hasta 7250 permite la inyección SQL en la función de informe agregado. • https://manageengine.com https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-48792
https://notcve.org/view.php?id=CVE-2023-48792
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. Zoho ManageEngine ADAudit Plus hasta 7250 es vulnerable a la inyección SQL en la opción de exportación de informes. • https://manageengine.com https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-50785
https://notcve.org/view.php?id=CVE-2023-50785
Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal. Zoho ManageEngine ADAudit Plus anterior a 7270 permite a los usuarios administradores ver nombres de directorios arbitrarios mediante path traversal. • https://www.manageengine.com/products/active-directory-audit/cve-2023-50785.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •