Cisco Prime Infrastructure SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.

N/A

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Cisco Prime Infrastructure Software SQL注入漏洞

Cisco Prime Infrastructure Software是美国思科（Cisco）公司的一套基础网络生命周期管理解决方案。该产品集成了Cisco Prime LAN Management Solution（LMS）和Cisco Prime Network Control System（NCS）。 Cisco Prime Infrastructure Software 3.7.1 Update 01之前版本和3.8 Update 02之前版本中的基于Web的管理界面存在SQL注入漏洞，该漏洞源于

N/A

N/A