CVE-2014-0729

Cisco’s advisory confirms a Blind SQL Injection in the Enterprise Mobility Application (EMApp) interface of Cisco Unified Communications Manager (UCM). The root cause is a failure to validate user-supplied input used to build SQL queries, enabling an unauthenticated, remote attacker to exfiltrate...