Vulnerability CVE-2014-7868

Vulnerability CVE-2014-7868

Published: 2014-12-04

Description:

	Topic	Author	Date
High	ManageEngine OpManager / Social IT Plus / IT360 File Upload / SQL Injection	Pedro Ribeiro	11.11.2014
Med.	ManageEngine OpManager / Social IT Plus / IT360 Multiple Vulnerabilities	Agile	26.01.2018

Type:

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Affected software
Zohocorp -> Manageengine it360
Zohocorp -> Manageengine it plus
Zohocorp -> Manageengine opmanager
Zohocorp -> Manageengine social it plus

http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html

http://seclists.org/fulldisclosure/2014/Nov/21

http://www.securityfocus.com/archive/1/533946/100/0/threaded

http://www.securityfocus.com/bid/71002

https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt

https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix