Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Unified Communications Manager SQL Injection Vulnerability
Vulnerability Description
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted requests that contain malicious SQL statements to the affected application. A successful exploit could allow the attacker to determine the presence of certain values in the database, impacting the confidentiality of the system.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Cisco Unified Communications Manager和Cisco Unified Communications Manager Session Management Edition SQL注入漏洞
Vulnerability Description
Cisco Communications Manager和Cisco Unified Communications Manager SME中基于Web的界面存在SQL注入漏洞,该漏洞源于程序没有正确验证在SQL查询中用户提交的输入。远程攻击者可通过发送特制的请求利用该漏洞判定数据库中的一些值是否存在,影响系统的保密性。以下产品及版本受到影响:Cisco Communications Manager 10.5(2)及之前版本,11.5(1)SU5及之前版本,12.0(1)SU2及之前版本,12.5(1)及之
CVSS Information
N/A
Vulnerability Type
N/A