Vulnerabilities > Zohocorp > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-36035 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.
network
low complexity
zohocorp CWE-89
8.8
8.8
2024-08-12 CVE-2024-5487 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option.
network
low complexity
zohocorp CWE-89
8.8
8.8
2024-08-12 CVE-2024-5527 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration.
network
low complexity
zohocorp CWE-89
8.8
8.8
2024-07-26 CVE-2024-38871 SQL Injection vulnerability in Zohocorp Manageengine Exchange Reporter Plus
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.
network
low complexity
zohocorp CWE-89
8.8
8.8
2024-07-26 CVE-2024-38872 SQL Injection vulnerability in Zohocorp Manageengine Exchange Reporter Plus
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.
network
low complexity
zohocorp CWE-89
8.8
8.8
2024-07-17 CVE-2024-27311 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine DDI Central 4001
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.
network
low complexity
zohocorp CWE-434
8.8
8.8
2024-05-20 CVE-2024-27312 Incorrect Authorization vulnerability in Zohocorp Manageengine Pam360
Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions.
network
low complexity
zohocorp CWE-863
8.1
8.1
2024-02-16 CVE-2024-21775 SQL Injection vulnerability in Zohocorp Manageengine Exchange Reporter Plus
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.
network
low complexity
zohocorp CWE-89
8.8
8.8
2024-02-02 CVE-2024-0253 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.
network
low complexity
zohocorp CWE-89
8.8
8.8
2024-02-02 CVE-2024-0269 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown.
network
low complexity
zohocorp CWE-89
8.8
8.8