CVE-2008-0026

SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:unified_callmanager:5.0\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:5.0\(3a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.0_2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.0_3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:5.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:5.0\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.0_1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.0_1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.0_4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.0_4a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.0_4a_su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:5.0_4a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.0_3a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:5.0\(4\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_callmanager:5.1:*:*:*:*:*:*:*

Information

Published : 2008-02-14 04:00

Updated : 2017-08-07 18:29


NVD link : CVE-2008-0026

Mitre link : CVE-2008-0026


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

cisco

  • unified_callmanager
  • unified_communications_manager