CVE-2015-5459
Summary
| CVE | CVE-2015-5459 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-07-08 15:59:00 UTC |
| Updated | 2016-12-07 18:16:00 UTC |
| Description | SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Zohocorp | Manageengine Password Manager Pro | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ManageEngine Password Manager Pro 8.1 SQL Injection ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit |
| ManageEngine Password Manager Pro 'SQLAdvancedALSearchResult.cc' SQL Injection Vulnerability | BID | www.securityfocus.com | |
| Full Disclosure: Re: [##2255763##] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability | FULLDISC | seclists.org | |
| Release Notes - ManageEngine Password Manager Pro | CONFIRM | www.manageengine.com | Patch, Vendor Advisory |
| Full Disclosure: ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability | FULLDISC | seclists.org | Exploit |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.