Time-based Blind SQL Injection Vulnerability in Zoho ManageEngine Application Manager
CVE-2017-11738 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.