First published: Thu Oct 29 2020(Updated: )
SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp ManageEngine Applications Manager | =14.0 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14000 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14010 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14020 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14030 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14040 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14050 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14060 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14070 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14071 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14072 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14073 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14080 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14090 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14100 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14110 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14120 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14130 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14140 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14150 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14160 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14170 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14180 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14190 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14200 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14210 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14220 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14230 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14240 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14250 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14260 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14261 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14262 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14270 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14280 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14290 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14300 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14310 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14330 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14331 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14332 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14340 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14350 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14360 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14361 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14370 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14380 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14390 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14400 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14401 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14410 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14420 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14430 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14440 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14450 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14460 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14470 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14480 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14490 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14500 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14510 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14520 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14530 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14531 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14532 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14533 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14540 | |
Zohocorp ManageEngine Applications Manager | =14.0-build14550 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-27995 is a SQL Injection vulnerability found in Zoho ManageEngine Applications Manager version 14 before 14560.
CVE-2020-27995 has a severity rating of 9.8, making it critical.
An attacker can execute commands on the server via the MyPage.do template_resid parameter.
To address CVE-2020-27995, it is recommended to update Zoho ManageEngine Applications Manager to version 14560 or higher.
For more information about CVE-2020-27995, you can refer to the ManageEngine website at the provided reference link.