doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
References
Link | Resource |
---|---|
https://www.manageengine.com | Vendor Advisory |
https://www.manageengine.com/products/applications_manager/issues.html#v15000 | Release Notes Vendor Advisory |
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-35765.html | Vendor Advisory |
https://www.tenable.com/security/research/tra-2021-02 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-05T08:55:35
Updated: 2021-02-09T19:32:36
Reserved: 2020-12-28T00:00:00
Link: CVE-2020-35765
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-05T14:15:16.357
Modified: 2021-02-17T21:05:56.017
Link: CVE-2020-35765
JSON object: View
Redhat Information
No data.
CWE