First published: Wed Aug 08 2018(Updated: )
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp ManageEngine Applications Manager | <13.13820 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-15168 is critical with a score of 9.8.
The SQL Injection vulnerability in CVE-2018-15168 can be exploited through the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request.
The Zoho ManageEngine Applications Manager version 13 before build 13820 is affected by CVE-2018-15168.
Yes, a fix is available. Please refer to the vendor's security update page for more information.
You can find more information about CVE-2018-15168 on the vendor's security updates page and the CVE details page.