CVE-2015-7387 (GCVE-0-2015-7387)
Vulnerability from cvelistv5 – Published: 2015-09-28 15:00 – Updated: 2024-08-06 07:51
VLAI
EPSS
VEX
Summary
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/38173/ | exploitx_refsource_EXPLOIT-DB |
| http://seclists.org/fulldisclosure/2015/Sep/59 | mailing-listx_refsource_FULLDISC |
| https://www.exploit-db.com/exploits/38352/ | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.com/files/133581/Manag… | x_refsource_MISC |
| http://packetstormsecurity.com/files/133747/Manag… | x_refsource_MISC |
| http://www.rapid7.com/db/modules/exploit/windows/… | x_refsource_MISC |
Date Public
2015-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38173",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38173/"
},
{
"name": "20150915 ManageEngine EventLog Analyzer SQL query execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/59"
},
{
"name": "38352",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38352/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by \"SELECT 1;INSERT INTO.\" Fixed in Build 11200."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T14:39:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38173",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38173/"
},
{
"name": "20150915 ManageEngine EventLog Analyzer SQL query execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/59"
},
{
"name": "38352",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38352/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by \"SELECT 1;INSERT INTO.\" Fixed in Build 11200."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38173",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38173/"
},
{
"name": "20150915 ManageEngine EventLog Analyzer SQL query execution",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/59"
},
{
"name": "38352",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38352/"
},
{
"name": "http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html"
},
{
"name": "http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7387",
"datePublished": "2015-09-28T15:00:00.000Z",
"dateReserved": "2015-09-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:51:27.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2015-7387",
"date": "2026-07-15",
"epss": "0.80192",
"percentile": "0.99574"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.6\", \"matchCriteriaId\": \"6C93AFE3-1217-457F-A045-367B7F897312\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by \\\"SELECT 1;INSERT INTO.\\\" Fixed in Build 11200.\"}, {\"lang\": \"es\", \"value\": \"ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 y versiones anteriores permite a los atacantes remotos eludir las restricciones previstas y ejecutar comandos SQL arbitrarios a trav\\u00e9s de una consulta permitida seguida de una no permitida en el par\\u00e1metro de consulta para event / runQuery.do, como lo demuestra \\\"SELECT 1; INSERT INTO \\\". Corregido en Build 11200.\"}]",
"id": "CVE-2015-7387",
"lastModified": "2024-11-21T02:36:42.147",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2015-09-28T15:59:04.427",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2015/Sep/59\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/38173/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www.exploit-db.com/exploits/38352/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2015/Sep/59\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/38173/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www.exploit-db.com/exploits/38352/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-7387\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-09-28T15:59:04.427\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by \\\"SELECT 1;INSERT INTO.\\\" Fixed in Build 11200.\"},{\"lang\":\"es\",\"value\":\"ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 y versiones anteriores permite a los atacantes remotos eludir las restricciones previstas y ejecutar comandos SQL arbitrarios a trav\u00e9s de una consulta permitida seguida de una no permitida en el par\u00e1metro de consulta para event / runQuery.do, como lo demuestra \\\"SELECT 1; INSERT INTO \\\". Corregido en Build 11200.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.6\",\"matchCriteriaId\":\"6C93AFE3-1217-457F-A045-367B7F897312\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://seclists.org/fulldisclosure/2015/Sep/59\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/38173/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.exploit-db.com/exploits/38352/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://seclists.org/fulldisclosure/2015/Sep/59\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/38173/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.exploit-db.com/exploits/38352/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…