SQL Injection
Description
Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by an authenticated SQL injection vulnerability via the global search option.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated SQL injection in ManageEngine Password Manager Pro (before 12431) and PAM360 (before 7001) via global search allows database query execution.
Vulnerability
ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by an authenticated SQL injection vulnerability via the global search option [1]. An attacker with valid credentials can exploit this flaw by sending specially crafted input to the search functionality, allowing the execution of arbitrary SQL queries against the database.
Exploitation
Exploitation requires valid credentials for the application [1]. The attack is carried out by injecting malicious SQL code into the global search field. The injected query is executed by the database backend without proper sanitization.
Impact
This vulnerability allows an adversary to execute custom SQL queries and access database table entries [1]. However, due to dual encryption mechanisms, access to sensitive information such as passwords remains restricted [1].
Mitigation
The vulnerability is fixed in Password Manager Pro build 12431 and PAM360 build 7001, released on 14 June 2024 [1]. Users are strongly advised to upgrade immediately. No workarounds are available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <7001
- Range: <12431
- Range: 0
- Range: 0
References