Unrated severityNVD Advisory· Published Apr 23, 2019· Updated Aug 4, 2024
CVE-2019-11469
CVE-2019-11469
Description
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >=12,<=14
- Range: >=12, <=14
Patches
Vulnerability mechanics
References
5- www.exploit-db.com/exploits/46740/mitreexploitx_refsource_EXPLOIT-DB
- packetstormsecurity.com/files/152607/ManageEngine-Applications-Manager-14.0-SQL-Injection-Command-Injection.htmlmitrex_refsource_MISC
- pentest.com.tr/exploits/ManageEngine-App-Manager-14-Auth-Bypass-Remote-Command-Execution.htmlmitrex_refsource_MISC
- www.exploit-db.com/exploits/46740mitrex_refsource_MISC
- www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11469.htmlmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.