SQL Injection Vulnerability in Password Manager Pro and PAM360

CVE ID : CVE-2026-5785

Severity : High

Details :
An SQL injection vulnerability was identified in Password Manager Pro and PAM360. This issue has been addressed, and it no longer exists in the fixed version.

Product Name	Issue	Affected Version(s)	Fixed Version(s)	Fixed On
Password Manager Pro	SQL Injection	From 8600 to 13230	13231	07-04-2026
PAM360	SQL Injection	Till 8530	8531	02-04-2026

(Please note that this vulnerability applies to only those who have installed or upgraded to the above mentioned version)

Impact:
The SQL injection vulnerability allows an adversary with a Password Auditor role to execute custom queries, and escalate to Privileged Administrator and perform sensitive actions.

Steps to Upgrade:

1. Download the latest upgrade pack from the following links
   • Password Manager Pro - https://www.manageengine.com/products/passwordmanagerpro/upgradepack.html
   • PAM360 - https://www.manageengine.com/privileged-access-management/upgradepack.html
2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above links.

Acknowledgements:

Reported by Fabius Watson

Please contact the product support for further details at the below mentioned email addresses:

PAM360: pam360-support@manageengine.com

Password Manager Pro: passwordmanagerpro-support@manageengine.com