SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2015-7766

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.0
Exploit Score: 8.0
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

http://seclists.org/fulldisclosure/2015/Sep/66

EXPLOIT-DB-38221

http://packetstormsecurity.com/files/133596/ManageEngine-OpManager-Remote-Code-Execution.html

http://www.rapid7.com/db/modules/exploit/windows/http/manage_engine_opmanager_rce

https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability


30480



423868



253164



909



197077



282