Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Cisco Emergency Responder SQL注入漏洞
Vulnerability Description
Cisco Emergency Responder(ER)是美国思科(Cisco)公司的一套IP通信系统中的应急呼叫软件。该软件提供实时定位跟踪数据库和呼叫者的位置等功能。 Cisco ER中的SQL database interface存在SQL注入漏洞,该漏洞源于程序没有验证SQL查询中用户提交的输入。远程攻击者可通过发送带有SQL语句的特制URL利用该漏洞查看或更改数据库表格,影响数据的完整性。
CVSS Information
N/A
Vulnerability Type
N/A