Vulnerabilities > Zohocorp > Manageengine Applications Manager

DATE CVE VULNERABILITY TITLE RISK
2017-11-05 CVE-2017-16543 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
network
low complexity
zohocorp CWE-89
critical
 9.8
9.8
2017-11-05 CVE-2017-16542 SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0
Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
network
low complexity
zohocorp CWE-89
8.8
8.8