ManageEngine Support Center Plus Multiple Security Vulnerabilities

Bugtraq ID:	53019
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 15 2012 12:00AM
Updated:	Apr 15 2012 12:00AM
Credit:	xistence
Vulnerable:	ManageEngine Support Center Plus 7.9 Upgrade Pack 790
Not Vulnerable:	ManageEngine Support Center Plus 7.9.Upgrade Pack 790

ManageEngine Support Center Plus Multiple Security Vulnerabilities

ManageEngine Support Center Plus is prone to the following security vulnerabilities:

1. An SQL-injection vulnerability
2. Multiple HTML-injection vulnerabilities
3. Multiple security-bypass vulnerability

The attacker may exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, and bypass certain security restrictions to perform unauthorized actions.

ManageEngine Support Center Plus Multiple Security Vulnerabilities

An attacker can exploit these issues with a web browser.

The following example data is available:

• /data/vulnerabilities/exploits/53019.txt

ManageEngine Support Center Plus Multiple Security Vulnerabilities

Solution:
Report indicates that these issues have been fixed; please contact the vendor for more information.

ManageEngine Support Center Plus Multiple Security Vulnerabilities

References:

• Support Center Plus Homepage (ZOHO Corporation)