Authenticated SQL Injection in Zoho ManageEngine Applications Manager through 14930 via resourceid parameter in showresource.do

Authenticated SQL Injection in Zoho ManageEngine Applications Manager through 14930 via resourceid parameter in showresource.do

CVE-2020-35765 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.