漏洞描述
Zoho ManageEngine Password Manager Pro及相关产品中存在SQL注入漏洞。该漏洞是由于对UserGroupListTableController类中的actionType参数验证不正确导致的。
Zoho ManageEngine Password Manager Pro UserGroupListTableController SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-56132: LiquidFiles < 4.2 - User Enumeration via Password Reset
- POC CVE-2025-36845: Eveo URVE Web Manager - Server-Side Request Forgery
- POC CVE-2025-49533: Adobe Experience Manager Forms - Insecure Deserialization
- POC CVE-2026-23760: SmarterTools SmarterMail - Admin Password Reset
- POC wp-duracelltomi-google-tag-manager-fpd: WordPress Plugin Google Tag Manager - Full Path Disclosure
- POC CVE-2022-36923: Zoho ManageEngine - getUserAPIKey Authentication Bypass
- POC CVE-2024-2862: LG LED Assistant - Unauthenticated Password Reset
- POC wp-duracelltomi-google-tag-manager-fpd: WordPress Plugin Google Tag Manager - Full Path Disclosure
- ETAP Safety Manager 跨站脚本漏洞
- POC CVE-2020-26836: SAP Solution Manager - Open Redirect
- POC CVE-2021-37415: Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
- POC bitrix-log-file-disclosure: Bitrix Site Manager - Log File Disclosure
- POC nexus-repository-anonymous-access: Nexus Repository Manager - Anonymous Access Enabled