ManageEngine Releases Fix for SQL Injection Vulnerability

ADAudit Plus addresses critical SQL injection vulnerability. ManageEngine has released a fix for a high-severity SQL injection vulnerability (CVE-2024-49574) affecting all ADAudit Plus builds below version 8123. This flaw could allow authenticated attackers to execute custom queries and access sensitive database entries. Users are advised to upgrade to the latest build, 8123, which was released on November 8, 2024, to mitigate this risk. The issue was reported internally, and further details can be obtained by contacting support.