Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZOHO ManageEngine EventLog Analyzer SQL注入漏洞
Vulnerability Description
ZOHO ManageEngine EventLog Analyzer是美国卓豪(ZOHO)公司的一套系统、事件日志分析软件。该软件能够对全网范围内的主机、服务器、网络设备以及各种应用服务系统等产生的日志,进行全面收集和细致分析。 ZOHO ManageEngine EventLog Analyzer 10.6 build 10060及之前版本中存在SQL注入漏洞,该漏洞源于event/runQuery.do文件没有充分过滤‘query’参数。远程攻击者可利用该漏洞绕过既定的限制,执行任意SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A