Zoho ManageEngine Applications Manager Unauthenticated SQL Injection Vulnerability

Zoho ManageEngine Applications Manager Unauthenticated SQL Injection Vulnerability

CVE-2019-11448 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.