ManageEngine PAM360 and Password Manager Pro SQL Injection Flaw

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

ManageEngine PAM360 and Password Manager Pro SQL Injection Flaw

CVE-2026-5785

Summary

Vulnerabilities in ManageEngine PAM360 and Password Manager Pro allow attackers to inject malicious SQL code and potentially access sensitive data. If exploited, this could lead to unauthorized access to user credentials and other sensitive information. Users should update to the latest version to fix the issue.

Original title

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.

Original description

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.

nvd CVSS3.1 8.1

Vulnerability type

CWE-89 SQL Injection

https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2026-5785....

Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026