Time-based Blind SQL Injection Vulnerability in Zoho ManageEngine Application Manager

Time-based Blind SQL Injection Vulnerability in Zoho ManageEngine Application Manager

CVE-2017-11738 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.