Cisco Unified Communications Manager and Unified Presence Server SQL Injection Vulnerability

Cisco Unified Communications Manager and Unified Presence Server are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An authenticated attacker can leverage this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue is tracked by Cisco Bug ID CSCup74290.


 

Privacy Statement
Copyright 2010, SecurityFocus