CVE-2011-1610 Information

Description

Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html
http://secunia.com/advisories/44331
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml
http://www.securityfocus.com/archive/1/517727/100/0/threaded
http://www.securityfocus.com/bid/47607
http://www.securitytracker.com/id?1025449
http://www.vupen.com/english/advisories/2011/1122
http://zerodayinitiative.com/advisories/ZDI-11-143/
https://exchange.xforce.ibmcloud.com/vulnerabilities/67126
