SQL Injection Vulnerability - CVE-2026-14828

SQL Injection Vulnerability in Password Manager Pro, PAM360 and Access

CVE ID : CVE-2026-14828

Severity : High

Details :
An authenticated SQL Injection vulnerability was identified in Password Manager Pro, PAM360 and Access Manager Plus. The vulnerability has been addressed, and the issue does not exist in the fixed version.

Product Name Issue Affected Version(s) Fixed Version(s) Fixed On
Password Manager Pro SQL Injection Till 13234 13235 07-07-2026
PAM360 SQL Injection Till 8560 8561 07-07-2026
Access Manager Plus SQL Injection Till 4404 4405 07-07-2026

(Please note that this vulnerability applies to only those who have installed or upgraded to the above mentioned version)

Impact:
The SQL injection vulnerability allows an adversary to craft a malicious query to execute unintended SQL operations on the database.

Steps to Upgrade:

  1. Download the latest upgrade pack from the following links
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above links.

Acknowledgements:

Reported by Mac Hong Nam

Please contact the product support for further details at the below mentioned email addresses:

Password Manager Pro: passwordmanagerpro-support@manageengine.com

PAM360: pam360-support@manageengine.com

Access Manager Plus: accessmanagerplus-support@manageengine.com

Get
Quote
Technical Support Request Demo