CVE-2015-7766
ZOHO ManageEngine OpManager <11.6 - Auth Bypass
Title source: llmDescription
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotejava
https://www.exploit-db.com/exploits/38221
metasploit
WORKING POC
MANUAL
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manage_engine_opmanager_rce.rb
References (5)
Scores
EPSS
0.7755
EPSS Percentile
99.0%
Details
CWE
CWE-264
Status
published
Products (2)
zohocorp/manageengine_opmanager
11.6
zohocorp/manageengine_opmanager
< 11.5
Published
Oct 09, 2015
Tracked Since
Feb 18, 2026