CVE-2026-5785 in ManageEngine PAM360
Summary
by MITRE • 04/16/2026
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.
Analysis
by VulDB Data Team • 04/16/2026
CVE-2026-5785 is an authenticated SQL injection in the query report module of Zohocorp ManageEngine PAM360 and Password Manager Pro. In the affected builds, values supplied to the report query are incorporated into a database statement without adequate sanitization or parameterization, so an authenticated user can change the structure of the query through crafted request parameters. The weakness is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), a standing entry in the CWE Top 25 most dangerous software weaknesses. In ATT&CK terms, exploitation relies on T1078 (Valid Accounts) to reach the module and results in T1213 (Data from Information Repositories), since the attacker uses legitimate credentials to read and manipulate data held in the application database.
Exploitation requires an authenticated session, so an attacker must first hold valid credentials for the product, which may be no more than a low-privileged user account. Once logged in, the attacker submits crafted values to the unsanitized input fields of the query report module and thereby appends to or alters the SQL the application executes. The outcome is arbitrary SQL execution with the privileges of the application's database account, which can expose, modify, or delete stored data. Because both products hold privileged credentials, realistic targets include other users' accounts, password hashes or stored secrets (subject to whatever application-level encryption protects them at rest), and confidential organizational records. A compromised PAM360 or Password Manager Pro instance is also a pivot point for lateral movement and for persistent access to the authentication infrastructure it protects. The affected versions span multiple release lines of both products, so most unpatched deployments should be assumed exposed.
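To make the vulnerable pattern concrete, here is an added example that is not PAM360 code and does not use its real schema, parameter names or query text. It builds a small "report" query two ways in Python against an in-memory SQLite database: the vulnerable variant splices the caller-supplied owner filter into the SQL text (the CWE-89 pattern the analysis describes), while the hardened variant binds it as a parameter. The tables, rows and the injection payload are all constructed for the demonstration.

```python
import sqlite3

# Constructed stand-in for a password manager's data: a resource table that a
# report filters on, and an account table the report should never touch.
# Neither resembles PAM360's actual schema.
SEED_RESOURCES = [("db-prod", "alice"), ("web-01", "alice"), ("hr-share", "bob")]
SEED_ACCOUNTS = [("admin", "hash-admin-constructed"),
                 ("svc_backup", "hash-svc-constructed")]


def open_demo_db():
    """Create an in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE resources (name TEXT, owner TEXT)")
    conn.execute("CREATE TABLE accounts (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO resources VALUES (?, ?)", SEED_RESOURCES)
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", SEED_ACCOUNTS)
    return conn


def report_vulnerable(conn, owner):
    """CWE-89 pattern: the filter value becomes part of the SQL text itself."""
    sql = f"SELECT name, owner FROM resources WHERE owner = '{owner}'"
    return conn.execute(sql).fetchall()


def report_parameterized(conn, owner):
    """Hardened form: the value is bound, so it can never change the query shape."""
    sql = "SELECT name, owner FROM resources WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


# Hypothetical payload: closes the string literal, UNIONs in the account table,
# and reopens a literal so the template's trailing quote still balances.
PAYLOAD = "x' UNION SELECT username, password_hash FROM accounts WHERE '1'='1"


def run_demo():
    """Return what each query variant yields for a benign and a hostile filter."""
    conn = open_demo_db()
    return {
        "benign_vulnerable": sorted(report_vulnerable(conn, "alice")),
        "benign_parameterized": sorted(report_parameterized(conn, "alice")),
        "payload_vulnerable": sorted(report_vulnerable(conn, PAYLOAD)),
        "payload_parameterized": sorted(report_parameterized(conn, PAYLOAD)),
    }


if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(f"{name}: {rows}")
```

With the benign filter both variants return the same two resource rows. With the payload, the vulnerable variant returns the two account rows (the data the report was never meant to reach), while the parameterized variant simply finds no owner named after the payload string and returns nothing. Note that parameter binding protects values only; table and column names or ORDER BY targets chosen by the user still need an allow-list.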
Organizations running affected builds face the usual consequences of a compromised password management system: data breach, regulatory exposure, and loss of trust in every credential the product holds. Because these products sit at the center of enterprise security infrastructure, both the confidentiality and the integrity of the stored data are at stake. Security teams should immediately inventory deployments for affected builds; per the CVE description, the fixed builds are PAM360 8531 or later and Password Manager Pro later than 13230, and upgrading is the only complete remediation. Until the upgrade is applied, restrict which roles can reach the reporting module, enforce least privilege on report access, segment the application from general user networks, and review application access logs and database query logs for unusual report queries, error spikes, or unexpectedly large result sets. Parameterized queries and server-side input validation, as described in the OWASP Top Ten and NIST secure coding guidance, prevent this class of bug at the source; regular assessments and penetration tests should look for the same pattern in other internal applications.
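As an added example (not a VulDB, Zohocorp or ManageEngine tool), the following Python helper applies the build ranges from the CVE description above to an inventory export and reports which hosts need the upgrade. The build thresholds are exactly those the CVE text states; the inventory format, host names, the vendor-prefix stripping and the "PMP" alias are assumptions made for the example.

```python
# Build ranges stated in the CVE description: PAM360 builds before 8531, and
# Password Manager Pro builds from 8600 through 13230, are affected. Fixed
# builds are therefore PAM360 >= 8531 and Password Manager Pro > 13230.
AFFECTED_RANGES = {
    "pam360": (None, 8530),                 # no lower bound stated
    "password manager pro": (8600, 13230),
}

# Assumed alias so the common "PMP" abbreviation in inventories still matches.
ALIASES = {"pmp": "password manager pro"}


def normalize_product(label):
    """Lower-case the label and strip vendor prefixes (assumed inventory quirk)."""
    name = label.lower().strip()
    for prefix in ("zohocorp ", "manageengine "):
        if name.startswith(prefix):
            name = name[len(prefix):]
    return ALIASES.get(name, name)


def parse_build(value):
    """Return the numeric build from an int or a string such as '8520' or 'Build 8520'; None if absent."""
    digits = "".join(ch for ch in str(value) if ch.isdigit())
    return int(digits) if digits else None


def is_affected(product, build):
    """True/False against the stated ranges; None when the build is unknown."""
    key = normalize_product(product)
    if key not in AFFECTED_RANGES:
        raise ValueError(f"no range recorded for product {product!r}")
    number = parse_build(build)
    if number is None:
        return None
    low, high = AFFECTED_RANGES[key]
    return (low is None or number >= low) and number <= high


def triage(inventory):
    """Split an inventory into hosts needing upgrade and hosts whose build is unknown."""
    needs_upgrade, unknown = [], []
    for entry in inventory:
        verdict = is_affected(entry["product"], entry["build"])
        if verdict is None:
            unknown.append(entry["host"])
        elif verdict:
            needs_upgrade.append(entry["host"])
    return needs_upgrade, unknown


# Constructed inventory rows, including edge cases on both sides of each boundary.
SAMPLE_INVENTORY = [
    {"host": "pam-01", "product": "ManageEngine PAM360", "build": "Build 8530"},
    {"host": "pam-02", "product": "PAM360", "build": 8531},
    {"host": "pmp-01", "product": "PMP", "build": "13230"},
    {"host": "pmp-02", "product": "Password Manager Pro", "build": "13231"},
    {"host": "pmp-03", "product": "Password Manager Pro", "build": "8599"},
    {"host": "pmp-04", "product": "Password Manager Pro", "build": ""},
]

if __name__ == "__main__":
    upgrade, unknown = triage(SAMPLE_INVENTORY)
    print("needs upgrade:", upgrade)
    print("build unknown:", unknown)
```

The helper encodes only what the CVE text says: a Password Manager Pro build below 8600 (pmp-03 above) falls outside the stated range and is reported as unaffected, and a host with no build recorded is listed separately rather than silently passed. Both cases deserve a manual check against the vendor advisory before the host is closed out.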