SQL Injection Vulnerabilities in Avaya Communication Manager and SIP Enablement Services
CVE-2008-6573
Currently unrated
Summary
Remote attackers can exploit multiple SQL injection vulnerabilities in Avaya SIP Enablement Services and Communication Manager, allowing them to execute arbitrary SQL commands. The vulnerabilities stem from insufficient filtering and validation in the web interface, particularly in operations related to profiles in the SIP Personal Information Manager (SPIM). These flaws enable unauthorized access to sensitive information and manipulation of the database by both remote and authenticated users, posing significant risks to the application's integrity and confidentiality.