CVE-2014-7867
ZOHO ManageEngine OpManager 11.3-11.4, IT360 10.3-10.4, Social IT Plus 11.0 - SQL Injection via probeName Parameter
Title source: llmDescription
SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter.
References (1)
Core 1
Core References
Patch x_refsource_confirm
https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix
Scores
EPSS
0.6214
EPSS Percentile
98.4%
Details
CWE
CWE-89
Status
published
Products (5)
zohocorp/manageengine_it360
10.3.0
zohocorp/manageengine_it360
10.4
zohocorp/manageengine_opmanager
11.3
zohocorp/manageengine_opmanager
11.4
zohocorp/manageengine_social_it_plus
11.0
Published
Dec 04, 2014
Tracked Since
Feb 18, 2026