CVE-2018-5339
Description
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184 fail to enforce database query type restrictions, allowing unauthenticated attackers to alter database entries.
Vulnerability
The vulnerability resides in Zoho ManageEngine Desktop Central versions 10.0.124 and 10.0.184 [1]. The application fails to sufficiently enforce restrictions on the types of database queries that can be executed, allowing unauthorized database write operations [1].
Exploitation
An attacker with network access to the Desktop Central console can send crafted queries to the backend database without requiring authentication [1]. The insufficient enforcement of query type restrictions enables the attacker to execute statements that modify database entries [1].
Impact
Successful exploitation allows an unauthenticated attacker to alter entries in the database [1]. Depending on the data modified, this could lead to privilege escalation or disruption of service [1]. The attacker may gain unauthorized control over application data and configurations [1].
Mitigation
The vendor released a fix on 24-April-2018 [1]. Administrators should update to the latest build available from the Endpoint Central console by downloading and applying the PPM update [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: 10.0.124, 10.0.184
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.