Zoho ManageEngine OpManager before 12.4 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection.
The information has been provided by Vendor
The original article can be found at: https://www.manageengine.com/network-monitoring/help/read-me-complete.html
Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
Zoho ManageEngine OpManager before 12.4