CVE-2008-0026

EUVD-2008-0039
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
ciscounified_callmanager
5.0
ciscounified_callmanager
5.0\(1\)
ciscounified_callmanager
5.0\(2\)
ciscounified_callmanager
5.0\(3\)
ciscounified_callmanager
5.0\(3a\)
ciscounified_callmanager
5.0\(4\)
ciscounified_callmanager
5.0_4a:_4a
ciscounified_callmanager
5.1
ciscounified_callmanager
6.0
ciscounified_communications_manager
5.0
ciscounified_communications_manager
5.0_1:_1
ciscounified_communications_manager
5.0_2:_2
ciscounified_communications_manager
5.0_3:_3
ciscounified_communications_manager
5.0_3a:_3a
ciscounified_communications_manager
5.0_4:_4
ciscounified_communications_manager
5.0_4a:_4a
ciscounified_communications_manager
5.0_4a_su1:_4a_su1
ciscounified_communications_manager
6.0
ciscounified_communications_manager
6.0_1:_1
ciscounified_communications_manager
6.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/28932
http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml
http://www.securityfocus.com/bid/27775
http://www.securitytracker.com/id?1019404
http://www.vupen.com/english/advisories/2008/0542
https://exchange.xforce.ibmcloud.com/vulnerabilities/40484
http://secunia.com/advisories/28932
http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml
http://www.securityfocus.com/bid/27775
http://www.securitytracker.com/id?1019404
http://www.vupen.com/english/advisories/2008/0542
https://exchange.xforce.ibmcloud.com/vulnerabilities/40484