Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities
Vulnerability Description
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
思科 Cisco Unified Communications Manager SQL注入漏洞
Vulnerability Description
Cisco Unified Communications Manager(CUCM,Unified CM,CallManager)是美国思科(Cisco)公司的一款统一通信系统中的呼叫处理组件。该组件提供了一种可扩展、可分布和高可用的企业IP电话呼叫处理解决方案。 Cisco Unified Communications Manager IM & 的web管理界面存在SQL注入漏洞,该漏洞源于用户提交的参数验证不当造成的。攻击者可利用该漏洞通过对应用程序进行身份验证并向受影响的系统发送恶意请求。
CVSS Information
N/A
Vulnerability Type
N/A