CVE-2018-0320— Cisco Prime Collaboration Provisioning SQL注入漏洞

N/A

A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.1 and prior. Cisco Bug IDs: CSCvd61754.

N/A

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Cisco Prime Collaboration Provisioning SQL注入漏洞

Cisco Prime Collaboration Provisioning（PCP）是美国思科（Cisco）公司的一套基于Web的下一代通信服务软件。该软件对IP电话、语音邮件和统一通信环境提供IP通信服务功能。 Cisco PCP 12.1及之前版本中的Web框架代码存在SQL注入漏洞，该漏洞源于程序没有正确的验证SQL查询中用户提交的输入。远程攻击者可通过发送带有恶意SQL语句的特制URL利用该漏洞执行任意的SQL查询。

N/A

N/A