Vulnerabilities > Zohocorp > Manageengine Applications Manager > 13.0

DATE	CVE	VULNERABILITY TITLE	RISK
2017-11-16	CVE-2017-16847	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. network low complexity zohocorp CWE-89 critical	9.8
2017-11-16	CVE-2017-16846	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. network low complexity zohocorp CWE-89 critical	9.8
2017-11-05	CVE-2017-16543	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. network low complexity zohocorp CWE-89 critical	9.8
2017-11-05	CVE-2017-16542	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. network low complexity zohocorp CWE-89	8.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.