Unrated severityNVD Advisory· Published Nov 17, 2014· Updated May 6, 2026

CVE-2014-8498

Description

SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.

Affected products

Zohocorp/Manageengine Password Manager Pro2 versions
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:-:*:*:*+ 1 more
- cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:-:*:*:*range: <=7.1
- cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:managed_service_providers:*:*:*range: <=7.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
seclists.org/fulldisclosure/2014/Nov/18nvdExploitMailing ListThird Party Advisory
www.exploit-db.com/exploits/35210nvdExploitThird Party AdvisoryVDB Entry
raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txtnvdExploit
www.securityfocus.com/bid/71016nvdThird Party AdvisoryVDB Entry
osvdb.org/show/osvdb/114483nvdBroken Link
exchange.xforce.ibmcloud.com/vulnerabilities/98596nvdVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000