// For flags

CVE-2015-7766

ManageEngine OpManager - Remote Code Execution

Severity Score

9.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."

PGSQL:SubmitQuery.do en ZOHO ManageEngine OpManager 11.6, 11.5 y anteriores permite a administradores remotos eludir las restricciones de consulta SQL a través de un comentario en la consulta a api/json/admin/SubmitQuery, según lo demostrado por 'INSERT/**/INTO'.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-10-09 CVE Reserved
  • 2015-10-09 CVE Published
  • 2024-09-17 CVE Updated
  • 2024-09-17 First Exploit
  • 2024-11-02 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Zohocorp
Search vendor "Zohocorp"
Manageengine Opmanager
Search vendor "Zohocorp" for product "Manageengine Opmanager"
<= 11.5
Search vendor "Zohocorp" for product "Manageengine Opmanager" and version " <= 11.5"
-
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Opmanager
Search vendor "Zohocorp" for product "Manageengine Opmanager"
11.6
Search vendor "Zohocorp" for product "Manageengine Opmanager" and version "11.6"
-
Affected