OSVDB ID: 98019

Title: Cisco Unified Communications Domain Manager (CUCDM) Unspecified SQL Injection

Info

Disclosure

Oct 01, 2013

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Cisco Unified Communications Domain Manager contains a flaw that may allow an attacker to carry out a blind SQL injection attack. The issue is due to the program not properly sanitizing user-supplied input before using it in SQL queries. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required, Web Related

Solution

OSVDB is not currently aware of a solution for this vulnerability.

Products

Cisco Systems, Inc.

Unified Communications Domain Manager

7.4
8.6
8.6.2
9.0
9.0.1

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/98019