CVE-2017-12227: SQL Injection in Cisco Emergency Responder

CWE-89: SQL Injection | 4 documents | 4 sources
Severity: 5.4 MEDIUM (NVD)
EPSS: 0.2% (top 61.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 7
Latest update: May 13

Description

A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (1 package)

CVEListV5 | cisco/cisco_emergency_responder | Cisco Emergency Responder

Vulnerability Details (2)

GHSA (2022-05-13)
GHSA-gg9x-2phv-cmmr: A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injec
CVEList (2017-09-07)
CVE-2017-12227: A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injec

Vendor Advisories (1)

Cisco (2017-09-06)
Cisco Emergency Responder Blind SQL Injection Vulnerability