← back
CVE-2015-7766

CVE-2015-7766

60Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 81%
from disclosure to weapon0 days
Published on NVDOct 9
1st PoCSep 17
metasploitSep 14
exploitation probability
81%top 1% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.