N/A

SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.

N/A

N/A

多款ZOHO ManageEngine产品SQL注入漏洞

ZOHO ManageEngine Password Manager Pro和ManageEngine IT360都是美国卓豪（ZOHO）公司的产品。ManageEngine Password Manager Pro是一套密码管理软件；ManageEngine IT360是一套IT运维综合治理平台。 多款ZOHO ManageEngine产品的MetadataServlet servlet中存在SQL注入漏洞，该漏洞源于MetadataServlet.dat文件没有充分过滤‘sv’参数。远程攻击者可利用该

N/A

N/A