First published: Tue Apr 23 2019
Zoho ManageEngine Applications Manager 12 through 14 allows SQL injection via the resourceid parameter of FaultTemplateOptions.jsp. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp ManageEngine Applications Manager | >=12.0, <=14.0 | |
CVE-2019-11469 is a vulnerability in Zoho ManageEngine Applications Manager 12 through 14 that allows SQL injection and unauthorized file upload.
CVE-2019-11469 is considered a critical vulnerability with a severity value of 9.8.
Zoho ManageEngine Applications Manager versions 12 through 14 are affected by CVE-2019-11469.
An unauthenticated user can exploit CVE-2019-11469 by uploading a malicious file via the "Execute Program Action(s)" feature, gaining the authority of SYSTEM on the server.
The Common Weakness Enumeration (CWE) ID for CVE-2019-11469 is CWE-89, which refers to a SQL injection vulnerability.
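A detection check for the injection point named above, as an added example that is not part of the original advisory or of the vendor's code: it scans web access log lines for requests to FaultTemplateOptions.jsp whose resourceid value is not a plain integer. The combined log format, the integer-only rule for resourceid, and the sample lines (including the placeholder directory in the path) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: combined-format access log lines.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
ENDPOINT = "/faulttemplateoptions.jsp"  # page named in the advisory
PARAM = "resourceid"                    # parameter named in the advisory
NUMERIC = re.compile(r"\d{1,20}")       # assumption: valid ids are plain integers

# Constructed sample lines; the directory in the path is a placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2019:10:00:00 +0000] '
    '"GET /path-placeholder/FaultTemplateOptions.jsp?resourceid=10000055 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/May/2019:10:00:05 +0000] '
    '"GET /path-placeholder/FaultTemplateOptions.jsp?resourceid=10000055%27 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/May/2019:10:00:09 +0000] '
    '"GET /path-placeholder/faulttemplateoptions.jsp?ResourceID=1+x HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/May/2019:10:00:12 +0000] '
    '"GET /index.html?resourceid=abc HTTP/1.1" 200 100',
]


def suspicious_requests(lines):
    """Return (ip, status, decoded_value) for every request to the endpoint
    whose resourceid is not a plain integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Path and parameter name are compared case-insensitively.
        if not url.path.lower().endswith(ENDPOINT):
            continue
        # parse_qs URL-decodes values; blank values are kept so "resourceid=" is seen.
        for key, values in parse_qs(url.query, keep_blank_values=True).items():
            if key.lower() != PARAM:
                continue
            for value in values:
                if not NUMERIC.fullmatch(value):
                    hits.append((m["ip"], int(m["status"]), value))
    return hits


if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} resourceid={value!r}")
```

Access logs record only the query string, so a parameter sent in a POST body needs the same check at a point where request bodies are visible, such as a WAF or reverse proxy.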