CVE-2015-1479

ZOHO ManageEngine SDP <9.0.9031 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1479. PoCs published by Muhammad Ahmed Siddiqui.

AI-analyzed exploit summary: The exploit demonstrates a SQL injection vulnerability in ManageEngine ServiceDesk Plus via the 'site' parameter in CreateReportTable.jsp. It includes proof-of-concept payloads for both PostgreSQL and MySQL databases.

Description

SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.

Exploits (1)

exploitdb WORKING POC
by Muhammad Ahmed Siddiqui · text · webapps · jsp
https://www.exploit-db.com/exploits/35890

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: ManageEngine ServiceDesk Plus 9.0
Auth required
Prerequisites: Authenticated access to the application
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0393
EPSS Percentile 89.1%

Details

CWE: CWE-89
Status: published
Products (1): zohocorp/servicedesk_plus < 9.0
Published: Feb 04, 2015
Tracked Since: Feb 18, 2026