CVE-2014-8498

Zohocorp ManageEngine Password Manager Pro < 7.1 - SQL Injection


Description

SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.

Exploits (1)

exploitdb WRITEUP
by Pedro Ribeiro · text · webapps · multiple
https://www.exploit-db.com/exploits/35210

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/71016
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/114483
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Nov/18
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/35210

Scores

EPSS 0.0457
EPSS Percentile 89.2%

Details

CWE
CWE-89
Status published
Products (1)
zohocorp/manageengine_password_manager_pro < 7.1 (2 CPE variants)
Published Nov 17, 2014
Tracked Since Feb 18, 2026