SQL Injection Vulnerability - CVE-2024-6748

Severity: High

CVE ID: CVE-2024-6748

Product name Affected Version(s) Fixed Version(s) Fixed On
OpManager
OpManager Plus
OpManager MSP
RMM
From version 128316 to 128317 128318 19-07-2024
From version 128234 to 128266 128267 22-07-2024
Below version 128186 128186 24-07-2024

Details:

OpManager: The SQL injection vulnerability identified in the URL Monitoring has now been fixed.

Impact:

Using this SQL injection, it was possible to execute custom queries and access the database table entries.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Source and Acknowledgements

This vulnerability was reported by CrisprXiang, Cokebeer, and LFY.

Kindly contact our product support team for further details, at the below mentioned email address:

 
 Pricing  Get Quote