漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities
Vulnerability Description
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
ZOHO ManageEngine Applications Manager SQL注入漏洞
Vulnerability Description
ZOHO ManageEngine Applications Manager是美国卓豪(ZOHO)公司的一套应用性能监控软件。该软件可对不同的业务系统、应用和网络服务(如服务器、操作系统等)进行远程监控和管理。 ZOHO ManageEngine Applications Manager 12版本和13版本中存在SQL注入漏洞。远程攻击者可利用该漏洞执行任意的SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A