HTTP: Zoho ManageEngine ADAudit Plus getLockoutHistoryData SQL Injection
This signature detects attempts to exploit a known vulnerability against Zoho. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
ZohocorpManageEngineADAudit Plus versions below8121 are vulnerable to the authenticated SQL injection in account lockout report.
Affected Products
Zohocorp manageengine_adaudit_plus
References
CVE: CVE-2024-5467
Short Name
HTTP:SQL:INJ:ZOHO-MG-AD-GETLOCK
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
ADAudit CVE-2024-5467 Injection ManageEngine Plus SQL Zoho getLockoutHistoryData
Release Date
10/15/2024
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3749
False Positive
Rarely
Vendors
Zohocorp