CVE-2008-0026

SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
SQL Injection
Severity
UNKNOWN
AV:N/AC:L/Au:S/C:P/I:P/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
ciscounified_callmanager
5.0
ciscounified_callmanager
5.0\(1\)
ciscounified_callmanager
5.0\(2\)
ciscounified_callmanager
5.0\(3\)
ciscounified_callmanager
5.0\(3a\)
ciscounified_callmanager
5.0\(4\)
ciscounified_callmanager
5.0_4a
ciscounified_callmanager
5.1
ciscounified_callmanager
6.0
ciscounified_communications_manager
5.0
ciscounified_communications_manager
5.0_1
ciscounified_communications_manager
5.0_2
ciscounified_communications_manager
5.0_3
ciscounified_communications_manager
5.0_3a
ciscounified_communications_manager
5.0_4
ciscounified_communications_manager
5.0_4a
ciscounified_communications_manager
5.0_4a_su1
ciscounified_communications_manager
6.0
ciscounified_communications_manager
6.0_1
ciscounified_communications_manager
6.1
𝑥
= Vulnerable software versions