Unrated severityNVD Advisory· Published Nov 17, 2014· Updated May 6, 2026

CVE-2014-8499

Description

Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc.

Affected products

Manageengine/Passwordmanager Pro2 versions
cpe:2.3:a:manageengine:password_manager_pro:*:build_7104:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:manageengine:password_manager_pro:*:build_7104:*:*:*:*:*:*range: <=7.1
- cpe:2.3:a:manageengine:password_manager_pro:*:build_7104:*:*:managed_service_providers:*:*:*range: <=7.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.htmlnvdExploit
www.exploit-db.com/exploits/35210nvdExploit
raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txtnvdExploit
osvdb.org/show/osvdb/114484nvd
osvdb.org/show/osvdb/114485nvd
seclists.org/fulldisclosure/2014/Nov/18nvd
www.securityfocus.com/bid/71018nvd
exchange.xforce.ibmcloud.com/vulnerabilities/98595nvd
exchange.xforce.ibmcloud.com/vulnerabilities/98597nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.060
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000