An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection.
The information has been provided by Vendor
The original article can be found at: https://www.manageengine.com/network-monitoring/help/read-me-complete.html
Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
Zoho ManageEngine OpManager before 12.4