SQL Injection Vulnerability in Cisco Unified CallManager and Communications Manager
CVE-2008-0026

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Communications Manager; Unified Callmanager
Vendor: CVE Published:; 14 February 2008

Summary

An SQL injection vulnerability exists in Cisco Unified CallManager and Communications Manager, affecting versions 5.0, 5.1 prior to 5.1(3a), and 6.0 and 6.1 prior to 6.1(1a). This weakness allows remote authenticated users to execute arbitrary SQL commands through the key parameter on both admin and user interface pages, potentially compromising system integrity and exposing sensitive data.

References

http://www.securityfocus.com/bid/27775

vdb-entryx_refsource_BID

http://secunia.com/advisories/28932

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/40484

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 14, 2008
Vulnerability Reserved
Dec 17, 2007