CVE-2026-5785 Zohocorp — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.1 (HIGH)
Affected Versions	8600 — 13230
Type	CWE-89 (SQL Injection)
Vendor	Zohocorp
Public PoC	No

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-89 SQL Injection

References 1

https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2026-5785…

0fc0942c-577d-436f-ae8e-945763c79b02

Menu

CVE-2026-5785

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Menu

CVE-2026-5785

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Stay informed on cybersecurity