cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-49574,https://securityvulnerability.io/vulnerability/CVE-2024-49574,Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability,"A SQL Injection vulnerability exists in the reports module of Zohocorp's ManageEngine ADAudit Plus, affecting all versions prior to 8123. This vulnerability allows an attacker to execute arbitrary SQL code, potentially leading to unauthorized access to sensitive data, loss of data integrity, or exposure of confidential information. Organizations using affected versions are encouraged to implement appropriate security measures and apply patches to mitigate the risk associated with this vulnerability.",Manageengine,Adaudit Plus,8.3,HIGH,0.0007200000109151006,false,false,false,false,,false,false,2024-11-18T07:55:13.332Z,0
CVE-2024-36485,https://securityvulnerability.io/vulnerability/CVE-2024-36485,SQL Injection Vulnerability in Technician Reports Option,"A SQL Injection vulnerability exists in the Technician reports feature of ManageEngine ADAudit Plus versions prior to 8121. This flaw allows unauthorized users to execute arbitrary SQL commands, which could lead to unauthorized access to sensitive data, modification of the database, or even full system compromise. Organizations utilizing affected versions are strongly advised to apply any available patches or updates to mitigate potential risks.",Manageengine,Adaudit Plus,8.8,HIGH,0.0007200000109151006,false,false,false,false,,false,false,2024-11-04T11:13:02.838Z,0
CVE-2024-5608,https://securityvulnerability.io/vulnerability/CVE-2024-5608,Zohocorp ADAudit Plus Vulnerable to SQL Injection in Technician Reports,"ManageEngine ADAudit Plus, developed by Zohocorp, is susceptible to a SQL Injection vulnerability located within its technician reports feature. This flaw permits attackers to manipulate SQL queries by injecting malicious code, potentially leading to unauthorized access to sensitive data, data corruption, and overall system disruption. Users with versions below 8121 should prioritize upgrades to mitigate risks associated with this vulnerability and ensure the integrity of their auditing processes.",Manageengine,Adaudit Plus,8.1,HIGH,0.003809999907389283,false,false,false,false,,false,false,2024-10-24T11:42:44.789Z,0
CVE-2024-5586,https://securityvulnerability.io/vulnerability/CVE-2024-5586,Zohocorp ADAudit Plus Vulnerable to Authenticated SQL Injection,"An authenticated SQL injection vulnerability has been identified in the extranet lockouts report option of ManageEngine ADAudit Plus, developed by Zoho Corp. This issue affects all versions below 8121. Attackers with authenticated access can exploit this vulnerability to compromise the database, potentially allowing for unauthorized data access and manipulation. Proper patching and version upgrades are critical to mitigating this risk.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,false,false,false,,false,false,2024-08-23T13:54:53.458Z,0
CVE-2024-5556,https://securityvulnerability.io/vulnerability/CVE-2024-5556,Zohocorp ADAudit Plus Vulnerable to Authenticated SQL Injection,"ManageEngine ADAudit Plus, developed by Zohocorp, is susceptible to an authenticated SQL injection vulnerability affecting versions below 8000. This vulnerability exists within the reports module, where improper handling of user-supplied inputs can allow an attacker to execute arbitrary SQL commands. Exploiting this vulnerability could facilitate unauthorized access to sensitive database information, potentially compromising user data integrity and confidentiality. Organizations utilizing affected versions are strongly advised to upgrade to the latest version to mitigate the risks associated with this vulnerability.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,false,false,false,,false,false,2024-08-23T13:52:28.522Z,0
CVE-2024-5490,https://securityvulnerability.io/vulnerability/CVE-2024-5490,Authenticated SQL Injection in Zohocorp ManageEngine ADAudit Plus,"Zohocorp's ManageEngine ADAudit Plus, specifically versions prior to 8000, presents a significant security vulnerability due to an authenticated SQL injection flaw in its aggregate reports feature. This vulnerability could permit attackers with authenticated access to execute arbitrary SQL commands, potentially compromising sensitive data within the system. Organizations utilizing these versions should prioritize applying the necessary patches and updates to mitigate the risk of unauthorized data access and maintain the integrity of their data security.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,false,false,false,,false,false,2024-08-23T13:44:08.468Z,0
CVE-2024-36514,https://securityvulnerability.io/vulnerability/CVE-2024-36514,Authenticated SQL Injection Vulnerability in ManageEngine ADAudit Plus Below Version 8000,"The vulnerability affects Zohocorp's ManageEngine ADAudit Plus versions earlier than 8000, enabling an authenticated SQL injection through the file summary option. This flaw permits attackers to manipulate SQL queries, potentially leading to unauthorized access and exposure of sensitive data. Ensuring that systems are updated to the latest version is recommended to mitigate this risk and enhance overall security.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,false,false,false,,false,false,2024-08-23T13:37:56.318Z,0
CVE-2024-36515,https://securityvulnerability.io/vulnerability/CVE-2024-36515,ManageEngine ADAudit Plus Vulnerable to Authenticated SQL Injection,"The vulnerability affects Zohocorp's ManageEngine ADAudit Plus prior to version 8000, where an authenticated SQL injection flaw exists in the dashboard component. This weakness allows authenticated attackers to manipulate SQL queries, potentially leading to unauthorized access or manipulation of data within the application. It is crucial for users to assess their systems and apply necessary patches or updates to mitigate associated risks.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,false,false,false,,false,false,2024-08-23T13:37:02.810Z,0
CVE-2024-36516,https://securityvulnerability.io/vulnerability/CVE-2024-36516,Zohocorp ADAudit Plus Versions Below 8000 Vulnerable to Authenticated SQL Injection,"The vulnerability allows an authenticated user to perform a SQL injection attack against the dashboard of the affected versions of ManageEngine ADAudit Plus. This flaw enables attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive information or database compromise. Users of ADAudit Plus versions prior to 8000 are advised to apply patches or updates to mitigate these risks promptly.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,false,false,false,,false,false,2024-08-23T13:36:05.237Z,0
CVE-2024-36517,https://securityvulnerability.io/vulnerability/CVE-2024-36517,Zohocorp ManageEngine ADAudit Plus vulnerable to SQL injection,"An authenticated SQL injection vulnerability exists in the alerts module of ManageEngine ADAudit Plus, affecting versions below 8000. This security flaw can allow unauthorized users to manipulate SQL queries, potentially leading to data exposure or manipulation. Organizations using affected versions should take immediate steps to update their software to safeguard against potential attacks and ensure the integrity of their data.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,false,false,false,,false,false,2024-08-23T13:34:01.453Z,0
CVE-2024-5467,https://securityvulnerability.io/vulnerability/CVE-2024-5467,Zohocorp ManageEngine ADAudit Plus Versions Below 8121 Vulnerable to Authenticated SQL Injection,"ManageEngine ADAudit Plus versions prior to 8121 expose users to an authenticated SQL injection vulnerability within the account lockout report functionality. This security flaw allows an attacker with valid credentials to execute arbitrary SQL queries through the application, potentially leading to unauthorized access to sensitive information, modification of data, or even complete compromise of affected systems. Organizations using non-updated versions of ADAudit Plus may face significant security risks, making it vital to apply the necessary updates and maintain the integrity of their security posture.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,false,false,false,,false,false,2024-08-23T13:28:28.419Z,0
CVE-2024-36034,https://securityvulnerability.io/vulnerability/CVE-2024-36034,Zohocorp ADAudit Plus Vulnerability: Authenticated SQL Injection in Aggregate Reports' Search Option,"ManageEngine ADAudit Plus, a product from Zohocorp, has a vulnerability that allows for authenticated SQL Injection. This security flaw exists in the search option of aggregate reports within versions prior to 8003. This weakness could potentially be exploited by authenticated users to execute arbitrary SQL commands, leading to unauthorized data exposure or manipulation. Users are urged to upgrade to version 8003 or later to mitigate these risks and secure their systems against possible exploitation.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,false,false,false,,false,false,2024-08-12T07:23:17.212Z,0
CVE-2024-36035,https://securityvulnerability.io/vulnerability/CVE-2024-36035,Zohocorp ManageEngine ADAudit Plus vulnerable to authenticated SQL Injection,ManageEngine ADAudit Plus versions earlier than 8003 contain a vulnerability that allows authenticated users to exploit SQL injection flaws during user session recording. This can lead to unauthorized access to sensitive information and compromise data integrity within the application. It is essential for organizations utilizing ManageEngine ADAudit Plus to update to the latest version to mitigate potential security risks.,Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,false,false,false,,false,false,2024-08-12T07:19:54.491Z,0
CVE-2024-36518,https://securityvulnerability.io/vulnerability/CVE-2024-36518,Vulnerability in ManageEngine ADAudit Plus,"The vulnerability in ZohoCorp's ManageEngine ADAudit Plus stems from an authenticated SQL injection issue present in the attack surface analyzer's dashboard. This flaw allows attackers with valid credentials to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive information stored in the system's database. Organizations using versions of ADAudit Plus earlier than 8110 should implement proper security measures and consider upgrading to the latest version to mitigate potential risks.",Manageengine,Adaudit Plus,8.3,HIGH,0.014120000414550304,false,false,false,false,,false,false,2024-08-12T07:13:49.843Z,0
CVE-2024-5487,https://securityvulnerability.io/vulnerability/CVE-2024-5487,Zohocorp ManageEngine ADAudit Plus vulnerable to SQL Injection,"ManageEngine ADAudit Plus by Zohocorp contains a significant vulnerability identified as an authenticated SQL Injection, specifically affecting versions below 8110. This vulnerability arises in the attack surface analyzer's export option, allowing an attacker with valid credentials to manipulate SQL queries, potentially leading to unauthorized data access or data compromise. Organizations using these affected versions should implement remediation measures to safeguard against exploitation and ensure the integrity and confidentiality of their data.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,false,false,false,,false,false,2024-08-12T07:04:12.610Z,0
CVE-2024-5527,https://securityvulnerability.io/vulnerability/CVE-2024-5527,"{""value"":""Zohocorp ManageEngine ADAudit Plus Vulnerable to Authenticated SQL Injection in File Auditing Configuration"",""type"":""short""}","ZohoCorp's ManageEngine ADAudit Plus versions prior to 8110 exhibit a significant security flaw characterized by authenticated SQL Injection. This vulnerability arises during the configuration of file auditing, exposing systems to potential exploitation by authorized users. By manipulating SQL queries, attackers can gain unauthorized access to sensitive information stored in the database, leading to possible data breaches and integrity issues. Organizations utilizing affected versions should prioritize updates to mitigate these risks.",Manageengine,Adaudit Plus,8.8,HIGH,0.003860000055283308,false,false,false,false,,false,false,2024-08-12T05:31:09.050Z,0
CVE-2024-36037,https://securityvulnerability.io/vulnerability/CVE-2024-36037,Unauthorized Access to Session Recordings in ADAudit Plus,Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings.,Manageengine,Adaudit Plus,5.5,MEDIUM,0.0006000000284984708,false,false,false,false,,false,false,2024-05-27T17:59:52.711Z,0
CVE-2024-36036,https://securityvulnerability.io/vulnerability/CVE-2024-36036,Unauthorized Access to Sensitive Information in ManageEngine ADAudit Plus,Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration.,Manageengine,Adaudit Plus,4.2,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-27T17:58:16.113Z,0
CVE-2024-21791,https://securityvulnerability.io/vulnerability/CVE-2024-21791,SQL Injection in ADAudit Plus,"Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. 
Note: Non-admin users cannot exploit this vulnerability.",Manageengine,Adaudit Plus,4.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-22T18:15:00.000Z,0
CVE-2023-49335,https://securityvulnerability.io/vulnerability/CVE-2023-49335,Zoho ManageEngine ADAudit Plus Vulnerability Allows SQL Injection,"A vulnerability exists in Zoho ManageEngine ADAudit Plus that permits SQL injection when retrieving file server details. The flaw impacts versions prior to 7271, enabling potential attackers to exploit this weakness to access sensitive data. If unaddressed, such vulnerabilities can lead to unauthorized access, data breaches, and a compromise of system integrity.",Manageengine,Adaudit Plus,8.3,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-20T17:55:49.809Z,0
CVE-2023-49334,https://securityvulnerability.io/vulnerability/CVE-2023-49334,Zoho ManageEngine ADAudit Plus Vulnerability: SQL Injection Risk in Export Function,Zoho ManageEngine ADAudit Plus versions below 7271 contain a vulnerability that allows for SQL injection during the export of a full summary report. This flaw could enable an attacker to manipulate database queries and gain unauthorized access to sensitive data. Users are strongly advised to upgrade to the patched version to mitigate the risk associated with this vulnerability.,Manageengine,Adaudit Plus,8.3,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-20T17:55:14.220Z,0
CVE-2023-49333,https://securityvulnerability.io/vulnerability/CVE-2023-49333,Zoho ManageEngine ADAudit Plus Vulnerability: SQL Injection in Dashboard Graph Feature,"The vulnerability in Zoho ManageEngine ADAudit Plus, specifically in versions below 7271, poses a significant risk due to an SQL injection flaw present in the dashboard graph feature. Attackers can exploit this weakness to execute harmful SQL commands that can compromise the integrity and confidentiality of database information. Organizations using affected versions are advised to upgrade to the latest version to mitigate potential security breaches and protect sensitive data.",Manageengine,Adaudit Plus,8.3,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-20T17:51:50.719Z,0
CVE-2023-49332,https://securityvulnerability.io/vulnerability/CVE-2023-49332,Zoho ManageEngine ADAudit Plus Vulnerable to SQL Injection and File Share Attacks,"A security vulnerability has been identified in Zoho ManageEngine ADAudit Plus versions prior to 7271, which permits SQL injection during the process of adding file shares. This weakness could allow an attacker to execute arbitrary SQL queries via manipulated input, with potential access to sensitive data and unauthorized system control. It is essential for users of affected versions to promptly update to the latest release to mitigate this risk and enhance their data security posture.",Manageengine,Adaudit Plus,8.3,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-20T17:45:36.459Z,0
CVE-2023-49331,https://securityvulnerability.io/vulnerability/CVE-2023-49331,Zoho ManageEngine ADAudit Plus Vulnerability: SQL Injection in Aggregate Reports Search Option,"A vulnerability has been identified in certain versions of Zoho ManageEngine ADAudit Plus, specifically those prior to version 7271. This flaw allows for SQL injection attacks via the aggregate reports search functionality, potentially enabling unauthorized access to sensitive data. Exploitation of this vulnerability could lead to manipulation of the underlying database, affecting the integrity and confidentiality of the information held within the affected application.",Manageengine,Adaudit Plus,8.3,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-20T17:35:49.217Z,0
CVE-2023-49330,https://securityvulnerability.io/vulnerability/CVE-2023-49330,Zoho ManageEngine ADAudit Plus Vulnerability: SQL Injection Risk,"A SQL Injection vulnerability exists in Zoho ManageEngine ADAudit Plus versions prior to 7271. This vulnerability allows attackers to exploit the application by executing arbitrary SQL queries through manipulated input, potentially leading to unauthorized access to sensitive information, including aggregate report data. Organizations utilizing affected versions should prioritize applying the latest updates to mitigate the risk associated with this security issue.",Manageengine,Adaudit Plus,8.3,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-20T12:19:59.734Z,0