CVE-2008-0026

SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
ciscounified_callmanager
5.0
ciscounified_callmanager
5.0\(1\)
ciscounified_callmanager
5.0\(2\)
ciscounified_callmanager
5.0\(3\)
ciscounified_callmanager
5.0\(3a\)
ciscounified_callmanager
5.0\(4\)
ciscounified_callmanager
5.0_4a:_4a
ciscounified_callmanager
5.1
ciscounified_callmanager
6.0
ciscounified_communications_manager
5.0
ciscounified_communications_manager
5.0_1:_1
ciscounified_communications_manager
5.0_2:_2
ciscounified_communications_manager
5.0_3:_3
ciscounified_communications_manager
5.0_3a:_3a
ciscounified_communications_manager
5.0_4:_4
ciscounified_communications_manager
5.0_4a:_4a
ciscounified_communications_manager
5.0_4a_su1:_4a_su1
ciscounified_communications_manager
6.0
ciscounified_communications_manager
6.0_1:_1
ciscounified_communications_manager
6.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/28932
http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml
http://www.securityfocus.com/bid/27775
http://www.securitytracker.com/id?1019404
http://www.vupen.com/english/advisories/2008/0542
https://exchange.xforce.ibmcloud.com/vulnerabilities/40484
http://secunia.com/advisories/28932
http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml
http://www.securityfocus.com/bid/27775
http://www.securitytracker.com/id?1019404
http://www.vupen.com/english/advisories/2008/0542
https://exchange.xforce.ibmcloud.com/vulnerabilities/40484