CVE-2014-3287 Information

Description

SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL aka Bug ID CSCuo17337.

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3287 http://www.securityfocus.com/bid/68000 http://www.securitytracker.com/id/1030411