Summary
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection.
Credit:
The information has been provided by Vendor
The original article can be found at: https://www.manageengine.com/network-monitoring/help/read-me-complete.html
Details
Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
Vulnerable Systems:
Zoho ManageEngine OpManager before 12.4
CVE Information:
Disclosure Timeline:
Published Date:10/15/2019