Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2008-0026
HistoryFeb 14, 2008 - 12:00 p.m.

CVE-2008-0026

2008-02-1412:00:00
CWE-89
cisco
web.nvd.nist.gov
26
cve-2008-0026
sql injection
cisco
unified callmanager
communications manager
cucm
remote authenticated users
arbitrary sql commands

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.002

Percentile

53.4%

JSON

SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.

Affected configurations

Nvd
Node
ciscounified_callmanagerMatch5.0
OR
ciscounified_callmanagerMatch5.0\(1\)
OR
ciscounified_callmanagerMatch5.0\(2\)
OR
ciscounified_callmanagerMatch5.0\(3\)
OR
ciscounified_callmanagerMatch5.0\(3a\)
OR
ciscounified_callmanagerMatch5.0\(4\)
OR
ciscounified_callmanagerMatch5.0_4a
OR
ciscounified_callmanagerMatch5.1
OR
ciscounified_callmanagerMatch6.0
OR
ciscounified_communications_managerMatch5.0
OR
ciscounified_communications_managerMatch5.0_1
OR
ciscounified_communications_managerMatch5.0_2
OR
ciscounified_communications_managerMatch5.0_3
OR
ciscounified_communications_managerMatch5.0_3a
OR
ciscounified_communications_managerMatch5.0_4
OR
ciscounified_communications_managerMatch5.0_4a
OR
ciscounified_communications_managerMatch5.0_4a_su1
OR
ciscounified_communications_managerMatch6.0
OR
ciscounified_communications_managerMatch6.0_1
OR
ciscounified_communications_managerMatch6.1
VendorProductVersionCPE
ciscounified_callmanager5.0cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*
ciscounified_callmanager5.0(1)cpe:2.3:a:cisco:unified_callmanager:5.0\(1\):*:*:*:*:*:*:*
ciscounified_callmanager5.0(2)cpe:2.3:a:cisco:unified_callmanager:5.0\(2\):*:*:*:*:*:*:*
ciscounified_callmanager5.0(3)cpe:2.3:a:cisco:unified_callmanager:5.0\(3\):*:*:*:*:*:*:*
ciscounified_callmanager5.0(3a)cpe:2.3:a:cisco:unified_callmanager:5.0\(3a\):*:*:*:*:*:*:*
ciscounified_callmanager5.0(4)cpe:2.3:a:cisco:unified_callmanager:5.0\(4\):*:*:*:*:*:*:*
ciscounified_callmanager5.0_4acpe:2.3:a:cisco:unified_callmanager:5.0_4a:*:*:*:*:*:*:*
ciscounified_callmanager5.1cpe:2.3:a:cisco:unified_callmanager:5.1:*:*:*:*:*:*:*
ciscounified_callmanager6.0cpe:2.3:a:cisco:unified_callmanager:6.0:*:*:*:*:*:*:*
ciscounified_communications_manager5.0cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*
Rows per page:
1-10 of 201

Related

cvelist 1
cisco 1
prion 1
exploitdb 1
nvd 1
seebug 1
securityvulns 1
packetstorm 1
cvelist
cvelist
CVE-2008-0026
2008-02-14 11:00:00
cisco
cisco
SQL injection in Cisco Unified Communications Manager
2008-02-13 16:00:00
prion
prion
Sql injection
2008-02-14 12:00:00
exploitdb
exploitdb
Cisco Unified Communications Manager 6.1 - 'key' SQL Injection
2008-02-13 00:00:00
nvd
nvd
CVE-2008-0026
2008-02-14 12:00:00
seebug
seebug
Cisco Unified Communications Manager key参数SQL注入漏洞
2008-02-20 00:00:00
securityvulns
securityvulns
Cisco Security Advisory: SQL injection in Cisco Unified Communications Manager
2008-02-16 00:00:00
packetstorm
packetstorm
CiscoCallManager_sql_07_016.txt
2008-02-22 00:00:00

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.002

Percentile

53.4%

JSON
Related for CVE-2008-0026
cvelist1cisco1prion1exploitdb1nvd1seebug1securityvulns1packetstorm1