CVE-2015-7387

ManageEngine EventLog Analyzer < 10.6 - SQL Injection via event/runQuery.do Query Parameter


Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-7387. PoCs were published by Metasploit and xistence, including the Metasploit module exploits/windows/misc/manageengine_eventlog_analyzer_rce.

AI-analyzed exploit summary: This Metasploit module exploits a SQL injection vulnerability in ManageEngine EventLog Analyzer, allowing authenticated users to execute arbitrary SQL queries as the 'postgres' user. It uploads a malicious JSP payload to achieve remote code execution with SYSTEM privileges.

Description

ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/38352

This Metasploit module exploits a SQL injection vulnerability in ManageEngine EventLog Analyzer, allowing authenticated users to execute arbitrary SQL queries as the 'postgres' user. It uploads a malicious JSP payload to achieve remote code execution with SYSTEM privileges.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions
Auth required
Prerequisites: Network access to the target · Valid credentials (default 'guest:guest' works)
devstral-2 · analyzed Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by xistence · text · webapps · multiple
https://www.exploit-db.com/exploits/38173

This writeup describes an authenticated SQL injection vulnerability in ManageEngine EventLog Analyzer v10.6 build 10060 and earlier. The vulnerability allows SQL query execution via the '/event/runQuery.do' endpoint, including bypassing restrictions on INSERT/UPDATE queries by chaining them with SELECT statements.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: ManageEngine EventLog Analyzer v10.6 build 10060 and earlier
Auth required
Prerequisites: Access to a guest or higher privilege account · Network access to the target system
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · MANUAL
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/manageengine_eventlog_analyzer_rce.rb

This Metasploit module exploits a SQL injection vulnerability in ManageEngine EventLog Analyzer, allowing authenticated users to execute arbitrary SQL queries as the 'postgres' user. It uploads a malicious JSP payload to achieve remote code execution with SYSTEM privileges.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions
Auth required
Prerequisites: Network access to the target · Valid credentials (default 'guest:guest' works)
devstral-2 · analyzed Feb 19, 2026

Scores

EPSS: 0.8019
EPSS Percentile: 99.6%

Details

CWE: CWE-89
Status: published
Products (1): zohocorp/manageengine_eventlog_analyzer < 10.6
Published: Sep 28, 2015
Tracked Since: Feb 18, 2026