Zoho ManageEngine Security Manager Plus Multiple Vulnerabilities

Summary
This host is running Zoho ManageEngine Security Manager Plus and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to perform directory traversal attacks, read or download arbitrary files, and manipulate SQL queries by injecting arbitrary SQL code.
Impact Level: Application
Solution
Apply the patch from the link below or update to the latest version:
http://bonitas.zohocorp.com/4264259/scanfi/31May2012/SMP_Vul_fix.zip
For updates, refer to http://www.manageengine.com/products/security-manager
NOTE: Ignore this warning if the above-mentioned patch is installed.
Insight
Multiple flaws are due to:
- Input passed to the 'f' parameter via the 'store' script is not properly sanitised before being used. This allows downloading the complete database and thus gathering logins, which leads to uploading web site files that could be used for malicious actions.
- SQL injection is possible in the 'Advanced Search' because the input is not validated correctly.
Affected
ManageEngine Security Manager Plus version 5.5 build 5505 and prior