SQL Injection in ManageEngine Privileged Access Management [CVE-2022-40300]
An SQLi in Password Manager Pro, which is bundled with Manage Engine’s Privileged Access Management 360 (PAM360) and Access Manager Plus.In the password manager, there’s a concept of “resources” which can be added or edited, which internally submits a multipart form request to the AddResourceType.ve
endpoint…