CVE-2011-1610SQL Injection in Cisco Unified Communications Manager

CWE-89SQL InjectionCWE-2644 documents4 sources
Severity
6.4MEDIUMNVD
EPSS
2.5%
top 14.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Communications Manager
Timeline
PublishedMay 3
Latest updateMay 14

Description

Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-w5r2-842q-f7rx: Multiple SQL injection vulnerabilities in xmldirectorylist2022-05-14
CVEList
CVE-2011-1610: Multiple SQL injection vulnerabilities in xmldirectorylist2011-05-03

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager Potential SQL Injection Vulnerability2011-04-27
CVE-2011-1610 — SQL Injection in Cisco | cvebase