Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the “Export to CSV” feature of the Contact Manager web GUI.
CPE | Name | Operator | Version |
---|---|---|---|
imagicle_uc_suite | eq | < 2021.summer.2 |