First published: Thu Nov 16 2017(Updated: )
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp ManageEngine Applications Manager | =13.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for Zoho ManageEngine Applications Manager is CVE-2017-16849.
The severity rating of CVE-2017-16849 is critical with a severity value of 9.8.
CVE-2017-16849 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter in Zoho ManageEngine Applications Manager 13 before build 13530.
The affected version of Zoho ManageEngine Applications Manager is version 13.0.
To fix CVE-2017-16849, update Zoho ManageEngine Applications Manager to build 13530 or later.