CVE-2020-28679
Description
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated SQL injection in Zoho ManageEngine Applications Manager's showReports module before build 14550 allows attackers to execute arbitrary SQL queries.
Vulnerability
The vulnerability is an SQL injection in the showReports module of Zoho ManageEngine Applications Manager prior to build 14550. Authenticated users can inject SQL commands via crafted requests due to inadequate input sanitization.
Exploitation
An attacker with valid credentials can send a specially crafted HTTP request to the showReports module. The lack of proper input validation allows the attacker to inject arbitrary SQL statements into the database query.
Impact
Successful exploitation enables the attacker to execute arbitrary SQL commands, leading to unauthorized access, disclosure, modification, or deletion of data in the underlying database. This could compromise the entire application's data integrity and confidentiality.
Mitigation
The issue is fixed in build 14550 of Zoho ManageEngine Applications Manager [1]. Users should upgrade to this build or later. No workarounds have been provided in the available references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Zoho/ManageEngine Applications Managerdescription
- Range: <14550
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.manageengine.com/products/applications_manager/issues.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.