Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.

Posted by Hakan Bayır on Nov 05I. VULNERABILITY
————————-
SQL Injection

II. CVE REFERENCE
————————-
CVE-2018-18949

III. VENDOR
————————-
https://www.manageengine.com

IV. TIMELINE
————————-
09/10/18 Vulnerability discovered
09/10/18 Vendor contacted
02/11/2018 OPManager replay that they fixed

V. CREDIT
————————-
Hakan Bayir at Biznet Bilisim A.S.

VI. DESCRIPTION
————————-
Zoho…

Link: http://seclists.org/bugtraq/2018/Nov/6