SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
Software | From | Fixed in |
---|---|---|
cisco / unified_callmanager | 5.0 | 5.0.x |
cisco / unified_callmanager | 5.0_4a | 5.0_4a.x |
cisco / unified_callmanager | 5.0(1) | 5.0(1).x |
cisco / unified_callmanager | 5.0(2) | 5.0(2).x |
cisco / unified_callmanager | 5.0(3) | 5.0(3).x |
cisco / unified_callmanager | 5.0(3a) | 5.0(3a).x |
cisco / unified_callmanager | 5.0(4) | 5.0(4).x |
cisco / unified_callmanager | 5.1 | 5.1.x |
cisco / unified_callmanager | 6.0 | 6.0.x |
cisco / unified_communications_manager | 5.0 | 5.0.x |
cisco / unified_communications_manager | 5.0_1 | 5.0_1.x |
cisco / unified_communications_manager | 5.0_2 | 5.0_2.x |
cisco / unified_communications_manager | 5.0_3 | 5.0_3.x |
cisco / unified_communications_manager | 5.0_3a | 5.0_3a.x |
cisco / unified_communications_manager | 5.0_4 | 5.0_4.x |
cisco / unified_communications_manager | 5.0_4a | 5.0_4a.x |
cisco / unified_communications_manager | 5.0_4a_su1 | 5.0_4a_su1.x |
cisco / unified_communications_manager | 6.0 | 6.0.x |
cisco / unified_communications_manager | 6.0_1 | 6.0_1.x |
cisco / unified_communications_manager | 6.1 | 6.1.x |