CVE-2020-27995: SQL Injection
First published: Thu Oct 29 2020(Updated: )
SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ManageEngine Applications Manager | =14.0 | |
| ManageEngine Applications Manager | =14.0-build14000 | |
| ManageEngine Applications Manager | =14.0-build14010 | |
| ManageEngine Applications Manager | =14.0-build14020 | |
| ManageEngine Applications Manager | =14.0-build14030 | |
| ManageEngine Applications Manager | =14.0-build14040 | |
| ManageEngine Applications Manager | =14.0-build14050 | |
| ManageEngine Applications Manager | =14.0-build14060 | |
| ManageEngine Applications Manager | =14.0-build14070 | |
| ManageEngine Applications Manager | =14.0-build14071 | |
| ManageEngine Applications Manager | =14.0-build14072 | |
| ManageEngine Applications Manager | =14.0-build14073 | |
| ManageEngine Applications Manager | =14.0-build14080 | |
| ManageEngine Applications Manager | =14.0-build14090 | |
| ManageEngine Applications Manager | =14.0-build14100 | |
| ManageEngine Applications Manager | =14.0-build14110 | |
| ManageEngine Applications Manager | =14.0-build14120 | |
| ManageEngine Applications Manager | =14.0-build14130 | |
| ManageEngine Applications Manager | =14.0-build14140 | |
| ManageEngine Applications Manager | =14.0-build14150 | |
| ManageEngine Applications Manager | =14.0-build14160 | |
| ManageEngine Applications Manager | =14.0-build14170 | |
| ManageEngine Applications Manager | =14.0-build14180 | |
| ManageEngine Applications Manager | =14.0-build14190 | |
| ManageEngine Applications Manager | =14.0-build14200 | |
| ManageEngine Applications Manager | =14.0-build14210 | |
| ManageEngine Applications Manager | =14.0-build14220 | |
| ManageEngine Applications Manager | =14.0-build14230 | |
| ManageEngine Applications Manager | =14.0-build14240 | |
| ManageEngine Applications Manager | =14.0-build14250 | |
| ManageEngine Applications Manager | =14.0-build14260 | |
| ManageEngine Applications Manager | =14.0-build14261 | |
| ManageEngine Applications Manager | =14.0-build14262 | |
| ManageEngine Applications Manager | =14.0-build14270 | |
| ManageEngine Applications Manager | =14.0-build14280 | |
| ManageEngine Applications Manager | =14.0-build14290 | |
| ManageEngine Applications Manager | =14.0-build14300 | |
| ManageEngine Applications Manager | =14.0-build14310 | |
| ManageEngine Applications Manager | =14.0-build14330 | |
| ManageEngine Applications Manager | =14.0-build14331 | |
| ManageEngine Applications Manager | =14.0-build14332 | |
| ManageEngine Applications Manager | =14.0-build14340 | |
| ManageEngine Applications Manager | =14.0-build14350 | |
| ManageEngine Applications Manager | =14.0-build14360 | |
| ManageEngine Applications Manager | =14.0-build14361 | |
| ManageEngine Applications Manager | =14.0-build14370 | |
| ManageEngine Applications Manager | =14.0-build14380 | |
| ManageEngine Applications Manager | =14.0-build14390 | |
| ManageEngine Applications Manager | =14.0-build14400 | |
| ManageEngine Applications Manager | =14.0-build14401 | |
| ManageEngine Applications Manager | =14.0-build14410 | |
| ManageEngine Applications Manager | =14.0-build14420 | |
| ManageEngine Applications Manager | =14.0-build14430 | |
| ManageEngine Applications Manager | =14.0-build14440 | |
| ManageEngine Applications Manager | =14.0-build14450 | |
| ManageEngine Applications Manager | =14.0-build14460 | |
| ManageEngine Applications Manager | =14.0-build14470 | |
| ManageEngine Applications Manager | =14.0-build14480 | |
| ManageEngine Applications Manager | =14.0-build14490 | |
| ManageEngine Applications Manager | =14.0-build14500 | |
| ManageEngine Applications Manager | =14.0-build14510 | |
| ManageEngine Applications Manager | =14.0-build14520 | |
| ManageEngine Applications Manager | =14.0-build14530 | |
| ManageEngine Applications Manager | =14.0-build14531 | |
| ManageEngine Applications Manager | =14.0-build14532 | |
| ManageEngine Applications Manager | =14.0-build14533 | |
| ManageEngine Applications Manager | =14.0-build14540 | |
| ManageEngine Applications Manager | =14.0-build14550 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-27995?
CVE-2020-27995 is a SQL Injection vulnerability found in Zoho ManageEngine Applications Manager version 14 before 14560.
How severe is CVE-2020-27995?
CVE-2020-27995 has a severity rating of 9.8, making it critical.
What can an attacker do with CVE-2020-27995?
An attacker can execute commands on the server via the MyPage.do template_resid parameter.
Is there a fix for CVE-2020-27995?
To address CVE-2020-27995, it is recommended to update Zoho ManageEngine Applications Manager to version 14560 or higher.
Where can I find more information about CVE-2020-27995?
For more information about CVE-2020-27995, you can refer to the ManageEngine website at the provided reference link.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/weakness
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zohocorp
- canonical/manageengine applications manager
- version/manageengine applications manager/14.0
- version/manageengine applications manager/14.0-build14000
- version/manageengine applications manager/14.0-build14010
- version/manageengine applications manager/14.0-build14020
- version/manageengine applications manager/14.0-build14030
- version/manageengine applications manager/14.0-build14040
- version/manageengine applications manager/14.0-build14050
- version/manageengine applications manager/14.0-build14060
- version/manageengine applications manager/14.0-build14070
- version/manageengine applications manager/14.0-build14071
- version/manageengine applications manager/14.0-build14072
- version/manageengine applications manager/14.0-build14073
- version/manageengine applications manager/14.0-build14080
- version/manageengine applications manager/14.0-build14090
- version/manageengine applications manager/14.0-build14100
- version/manageengine applications manager/14.0-build14110
- version/manageengine applications manager/14.0-build14120
- version/manageengine applications manager/14.0-build14130
- version/manageengine applications manager/14.0-build14140
- version/manageengine applications manager/14.0-build14150
- version/manageengine applications manager/14.0-build14160
- version/manageengine applications manager/14.0-build14170
- version/manageengine applications manager/14.0-build14180
- version/manageengine applications manager/14.0-build14190
- version/manageengine applications manager/14.0-build14200
- version/manageengine applications manager/14.0-build14210
- version/manageengine applications manager/14.0-build14220
- version/manageengine applications manager/14.0-build14230
- version/manageengine applications manager/14.0-build14240
- version/manageengine applications manager/14.0-build14250
- version/manageengine applications manager/14.0-build14260
- version/manageengine applications manager/14.0-build14261
- version/manageengine applications manager/14.0-build14262
- version/manageengine applications manager/14.0-build14270
- version/manageengine applications manager/14.0-build14280
- version/manageengine applications manager/14.0-build14290
- version/manageengine applications manager/14.0-build14300
- version/manageengine applications manager/14.0-build14310
- version/manageengine applications manager/14.0-build14330
- version/manageengine applications manager/14.0-build14331
- version/manageengine applications manager/14.0-build14332
- version/manageengine applications manager/14.0-build14340
- version/manageengine applications manager/14.0-build14350
- version/manageengine applications manager/14.0-build14360
- version/manageengine applications manager/14.0-build14361
- version/manageengine applications manager/14.0-build14370
- version/manageengine applications manager/14.0-build14380
- version/manageengine applications manager/14.0-build14390
- version/manageengine applications manager/14.0-build14400
- version/manageengine applications manager/14.0-build14401
- version/manageengine applications manager/14.0-build14410
- version/manageengine applications manager/14.0-build14420
- version/manageengine applications manager/14.0-build14430
- version/manageengine applications manager/14.0-build14440
- version/manageengine applications manager/14.0-build14450
- version/manageengine applications manager/14.0-build14460
- version/manageengine applications manager/14.0-build14470
- version/manageengine applications manager/14.0-build14480
- version/manageengine applications manager/14.0-build14490
- version/manageengine applications manager/14.0-build14500
- version/manageengine applications manager/14.0-build14510
- version/manageengine applications manager/14.0-build14520
- version/manageengine applications manager/14.0-build14530
- version/manageengine applications manager/14.0-build14531
- version/manageengine applications manager/14.0-build14532
- version/manageengine applications manager/14.0-build14533
- version/manageengine applications manager/14.0-build14540
- version/manageengine applications manager/14.0-build14550