Security Advisory

CVE-2019-11448

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-04-22 04:01:40

Last updated 2024-08-04 22:55:39

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file.

← Browse all CVEs View on cve.org ↗