Description
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.
Exploits (1)
exploitdb
WORKING POC
by Muhammad Ahmed Siddiqui · text · webapps · jsp
https://www.exploit-db.com/exploits/35890
References (5)
Core References
Exploit x_refsource_misc
http://packetstormsecurity.com/files/130079/ManageEngine-ServiceDesk-9.0-SQL-Injection.html
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/35890
Exploit x_refsource_misc
http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-sql-injection-vulnerability
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72299
Vendor Advisory x_refsource_misc
http://www.manageengine.com/products/service-desk/readme-9.0.html
Scores
EPSS
0.1056
EPSS Percentile
93.3%
Details
CWE
CWE-89
Status
published
Products (1)
zohocorp/servicedesk_plus
< 9.0
Published
Feb 04, 2015
Tracked Since
Feb 18, 2026