Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-12-04T17:00:00
Updated: 2024-08-06T13:03:27.444Z
Reserved: 2014-10-05T00:00:00
Link: CVE-2014-7868
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-12-04T17:59:06.720
Modified: 2024-11-21T02:18:10.457
Link: CVE-2014-7868
Redhat
No data.