CVE-2026-5785 | THREATINT

Description

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.

PUBLISHED Reserved 2026-04-08 | Published 2026-04-16 | Updated 2026-04-17 | Assigner Zohocorp

HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')

Product status

Default status

unaffected

Any version before 8531

affected

Default status

unaffected

8600 (13230)

affected

References

www.manageengine.com/...nagerpro/advisory/cve-2026-5785.html

cve.org (CVE-2026-5785)

nvd.nist.gov (CVE-2026-5785)

Download JSON