First published: Mon Jul 02 2018
A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp ManageEngine Applications Manager | =13.0 |
CVE-2018-13050 is a SQL Injection vulnerability that exists in Zoho ManageEngine Applications Manager 13.x before build 13800.
CVE-2018-13050 has a severity level of 9.8 (critical).
CVE-2018-13050 allows attackers to execute arbitrary SQL queries through the j_username parameter in a /j_security_check POST request, potentially leading to unauthorized data access or modification.
To fix CVE-2018-13050, update Zoho ManageEngine Applications Manager to build 13800 or later.
You can find more information about CVE-2018-13050 in the following references: [GitHub issue x-f1v3/ForCve #1](https://github.com/x-f1v3/ForCve/issues/1), [ManageEngine Applications Manager issues page](https://www.manageengine.com/products/applications_manager/issues.html), [ManageEngine security update for CVE-2018-13050](https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-13050.html).