{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/passwordmanagerpro/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-5785"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-5785","sqli","manageengine","pam360","passwordmanagerpro"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eZohocorp ManageEngine PAM360 and Password Manager Pro are affected by an authenticated SQL injection vulnerability within the query report module. This vulnerability, identified as CVE-2026-5785, impacts PAM360 versions prior to 8531 and Password Manager Pro versions ranging from 8600 to 13230. An attacker with valid, albeit low-privileged, credentials can exploit this flaw by injecting malicious SQL queries through the affected module. Successful exploitation could lead to unauthorized data access, modification, or even complete database compromise. \nDefenders must apply the necessary patches to remediate this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains valid, low-privileged credentials to ManageEngine PAM360 or Password Manager Pro application.\u003c/li\u003e\n\u003cli\u003eAttacker authenticates to the ManageEngine application with the obtained credentials.\u003c/li\u003e\n\u003cli\u003eAttacker navigates to the \u0026ldquo;query report\u0026rdquo; module within the application\u0026rsquo;s interface.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious SQL query containing SQL injection payloads within report generation parameters.\u003c/li\u003e\n\u003cli\u003eThe application processes the crafted SQL query without proper sanitization, executing the injected SQL commands.\u003c/li\u003e\n\u003cli\u003eThe database executes the malicious SQL query, leading to unintended data retrieval (exfiltration) or modification.\u003c/li\u003e\n\u003cli\u003eAttacker extracts sensitive information like usernames, passwords, or configuration details from the database.\u003c/li\u003e\n\u003cli\u003eAttacker may further exploit the SQL injection to modify database records, escalate privileges, or compromise other application functionalities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5785 can result in significant data breaches and compromise of sensitive assets managed by ManageEngine PAM360 and Password Manager Pro. An attacker could potentially gain unauthorized access to credentials, configuration settings, and other critical information stored within the database. \nThe impact can range from data theft and service disruption to complete system compromise, potentially affecting hundreds of organizations relying on these products for privileged access management.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade ManageEngine PAM360 to version 8531 or later to patch CVE-2026-5785.\u003c/li\u003e\n\u003cli\u003eImmediately upgrade ManageEngine Password Manager Pro to a version later than 13230, or a version earlier than 8600.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious SQL syntax or unusual database query patterns related to the query report module using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures within the ManageEngine application to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eEnable database auditing to detect and investigate any unauthorized database access or modification attempts stemming from CVE-2026-5785.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T12:00:00Z","date_published":"2026-04-17T12:00:00Z","id":"/briefs/2026-04-manageengine-sqli/","summary":"An authenticated SQL injection vulnerability (CVE-2026-5785) in the query report module of Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 allows attackers with low privileges to potentially read or modify sensitive database information.","title":"ManageEngine PAM360 and Password Manager Pro Authenticated SQL Injection Vulnerability (CVE-2026-5785)","url":"https://feed.craftedsignal.io/briefs/2026-04-manageengine-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Passwordmanagerpro","version":"https://jsonfeed.org/version/1.1"}