N/A

Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet.

N/A

N/A

多款ZOHO ManageEngine产品SQL注入漏洞

ZOHO ManageEngine OpManager、IT360和Social IT Plus都是美国卓豪（ZOHO）公司的产品。ManageEngine OpManager是一套网络、服务器及虚拟化监控软件；ManageEngine IT360是一套IT运维综合治理平台；ManageEngine Social IT Plus是一套面向IT团队推出的社交网络协作平台。 多款ZOHO ManageEngine产品中存在SQL注入漏洞，该漏洞源于程序执行Delete操作时，APMBVHandler serv

N/A

N/A