CVE-2018-10466
CRITICALZoho ManageEngine ADAudit Plus <5.0.0 - SQL Injection
Title source: llmDescription
Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection.
References (2)
Core 2
Core References
Release Notes x_refsource_confirm
https://www.manageengine.com/products/active-directory-audit/adaudit-plus-release-notes.html
Third Party Advisory x_refsource_misc
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-10466
Scores
CVSS v3
9.8
EPSS
0.0985
EPSS Percentile
93.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
zohocorp/manageengine_adaudit_plus
< 5.0.0
Published
May 29, 2018
Tracked Since
Feb 18, 2026