CVE-2015-7387

Zohocorp Manageengine Eventlog Analyzer < 10.6 - SQL Injection

Title source: rule

Description

ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/38352

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by xistence · textwebappsmultiple

https://www.exploit-db.com/exploits/38173

View Code ZIP pw:eip

metasploit WORKING POC MANUAL

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/manageengine_eventlog_analyzer_rce.rb

View Code ZIP pw:eip

References (6)

[Exploit] http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html

[Exploit] http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html

[Exploit] http://seclists.org/fulldisclosure/2015/Sep/59

[Exploit] https://www.exploit-db.com/exploits/38173/

[Exploit] https://www.exploit-db.com/exploits/38352/

[Third Party Advisory] http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce

Scores

EPSS 0.8171

EPSS Percentile 99.2%

Details

CWE

CWE-89

Status published

Products (1)

zohocorp/manageengine_eventlog_analyzer < 10.6

Published Sep 28, 2015

Tracked Since Feb 18, 2026