Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Avaya SIP Enablement Services(SES) 多个SQL注入漏洞
Vulnerability Description
Avaya Avaya Communication Manager 3.x,4.0和5.0版本中的Avaya SIP Enablement Services(SES)存在多个SQL注入漏洞。远程攻击者可以借助与web界面中的SIP个人信息管理器(SPIM)里的profiles相关的未明向量,执行任意的SQL指令;远程认证用户可以借助与对web界面中SPIM profiles的许可和对SIP服务器的特制的SIP请求相关的未明向量,执行任意的SQL指令。
CVSS Information
N/A
Vulnerability Type
N/A