Skip to main content

Manageengine Pam360 CVE-2026-5785

| EUVDEUVD-2026-23239 HIGH
SQL Injection (CWE-89)
2026-04-16 Zohocorp GHSA-wg7c-97pm-qp3w
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch released
Apr 17, 2026 - 15:17 nvd
Patch available
Patch available
Apr 16, 2026 - 15:01 EUVD
EUVD ID Assigned
Apr 16, 2026 - 14:00 euvd
EUVD-2026-23239
CVE Published
Apr 16, 2026 - 13:46 nvd
HIGH 8.1

DescriptionCVE.org

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.

Analysis

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.

CVE-2022-29081 CRITICAL POC
9.8 Apr 28

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnera

CVE-2023-2291 HIGH POC
7.8 Apr 26

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine

CVE-2022-43672 CRITICAL
9.8 Nov 12

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL I

CVE-2022-43671 CRITICAL
9.8 Nov 12

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL I

CVE-2022-40300 CRITICAL
9.8 Sep 16

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager P

CVE-2021-44525 CRITICAL
9.8 Dec 20

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a fi

CVE-2023-6105 MEDIUM POC
5.5 Nov 15

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys bein

CVE-2024-5546 HIGH
8.8 Aug 28

Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affect

CVE-2025-11669 HIGH
8.1 Jan 13

Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versi

CVE-2024-27312 HIGH
8.1 May 20

Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged use

CVE-2024-27313 MEDIUM
4.6 May 29

Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. Rated medium severity (CVSS 4.6), this vulnerability

Share

CVE-2026-5785 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy