CNNVD-202507-2257 Information
CNNVD ID
CNNVD-202507-2257
Related CVE
- CNNVD Published: 2025-07-16
Description (Chinese)
Cisco Evolved Programmable Network Manager和Cisco Prime Infrastructure都是美国思科(Cisco)公司的产品。Cisco Evolved Programmable Network Manager是一套网络管理解决方案。Cisco Prime Infrastructure是一个应用软件。用于简化无线和有线网络的管理。 Cisco Evolved Programmable Network Manager和Cisco Prime Infrastructure存在SQL注入漏洞,该漏洞源于REST API输入验证不足,可能导致SQL注入攻击。
Description (English)
Cisco Evolved Programable Network Manager and Cisco Prime Infrastrucure are all Cisco products. Cisco Evolved Programme Network Manager is a web-based management solution. Cisco Prime Infrastructure is an application. To simplify the management of wireless and cable networks. Cisco Evolved Programable Network Manager and Cisco Prime Infrastructure have an injection loophole in SQL, which stems from inadequate verification of RRT API input, which could lead to an SQL injection attack.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
思科
Published
2025-07-16
Last Modified
2026-02-24
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-piepnm-bsi-25JJqsbb https://vigilance.fr/vulnerability/Cisco-Prime-Infrastructure-SQL-injection-via-API-REST-47728