Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
https://www.manageengine.com/network-monitoring/security-updates/cve-2021-40493.html