CVE ID : CVE-2026-14828
Severity : High
Details :
An authenticated SQL Injection vulnerability was identified in Password Manager Pro, PAM360 and Access Manager Plus. The vulnerability has been addressed, and the issue does not exist in the fixed version.
| Product Name | Issue | Affected Version(s) | Fixed Version(s) | Fixed On |
|---|---|---|---|---|
| Password Manager Pro | SQL Injection | Till 13234 | 13235 | 07-07-2026 |
| PAM360 | SQL Injection | Till 8560 | 8561 | 07-07-2026 |
| Access Manager Plus | SQL Injection | Till 4404 | 4405 | 07-07-2026 |
(Please note that this vulnerability applies to only those who have installed or upgraded to the above mentioned version)
Impact:
The SQL injection vulnerability allows an adversary to craft a malicious query to execute unintended SQL operations on the database.
Reported by Mac Hong Nam
Please contact the product support for further details at the below mentioned email addresses:
Password Manager Pro: passwordmanagerpro-support@manageengine.com
PAM360: pam360-support@manageengine.com
Access Manager Plus: accessmanagerplus-support@manageengine.com