Cisco Unified Communications Manager Multiple SQL Injections (CVE-2011-1610)

Multiple SQL injection vulnerabilities have been reported in Cisco Unified Communications Manager. A remote attacker can exploit these vulnerabilities by sending a malicious request to the target web service and injecting an SQL query into a parameter. Successful exploitation of this vulnerabilit...

CVE-2011-1610

CVE-2011-1610 affects Cisco Unified Communications Manager (CUCM) where the embedded Apache HTTP Server exposes xmldirectorylist.jsp. The vulnerability arises from improper validation of parameters (f, l, n) passed to the JSP, enabling a remote, unauthenticated attacker to inject and execute arbi...