What the vulnerability does
01Description
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option.
CVSS base score
8.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Key dates
02Disclosure timeline
February 23, 2026
CVE published
February 26, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-37494 WordPress Youzify plugin <= 1.2.5 - SQL Injection vulnerability
CVE-2025-8327 code-projects Exam Form Submission delete_s8.php sql injection
CVE-2022-31082 SQL Injection via package deployment tasks in glpi-inventory-plugin
CVE-2024-25910 WordPress MoveTo Plugin <= 6.2 is vulnerable to SQL Injection
CVE-2024-33957 SQL injection in Janobe E-Negosyo System
