Vulnerability Description
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Applications Manager | < 13.13820 |
Related Weaknesses (CWE)
References
- https://github.com/x-f1v3/ForCve/issues/2ExploitThird Party Advisory
- https://www.manageengine.com/products/applications_manager/issues.htmlRelease NotesVendor Advisory
- https://www.manageengine.com/products/applications_manager/security-updates/secuVendor Advisory
- https://github.com/x-f1v3/ForCve/issues/2ExploitThird Party Advisory
- https://www.manageengine.com/products/applications_manager/issues.htmlRelease NotesVendor Advisory
- https://www.manageengine.com/products/applications_manager/security-updates/secuVendor Advisory
FAQ
What is CVE-2018-15168?
CVE-2018-15168 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
How severe is CVE-2018-15168?
CVE-2018-15168 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-15168?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Applications Manager.