DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2026-5785

High

Low Medium High Critical

8.1

CVSS Score

Published: Apr 16, 2026

Last Modified: Apr 17, 2026

CWE: CWE-89

Vulnerability Description

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2026-5785.html
0fc0942c-577d-436f-ae8e-945763c79b02

Severity Details

8.1

out of 10.0

High

Weakness Type (CWE)

CWE-89 Top 25 #3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a…
Exploit Likelihood: High
Typical Severity: High
OWASP Top 10: A03:2021-Injection
Abstraction Level: Base