CVE-2019-11469

Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
Configurations

Configuration 1

cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*

Information

Published : 2019-04-23 04:29

Updated : 2019-04-26 04:45


NVD link : CVE-2019-11469

Mitre link : CVE-2019-11469

Products Affected
No products.
CWE