Authenticated SQL Injection in Zoho ManageEngine Applications Manager through 14930 via resourceid parameter in showresource.do
CVE-2020-35765 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.