Credit:
The original article can be found at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp
Vulnerable Systems:
* Cisco Unified MeetingPlace versions prior to 7.1.2.6 (MR1)
The Cisco Unified MeetingPlace Web Conferencing service contains a vulnerability that could allow an unauthenticated, remote attacker to inject Structured Query Language (SQL) commands that may affect the integrity and availability of the data stored in the MeetingPlace Web Conferencing internal database. This data may include server configurations, meetings, and users.
The vulnerability is due to insufficient validation of some of the parameters passed through the HTTP POST method. An attacker could exploit this vulnerability by inserting malicious SQL commands in the HTTP POST request directed to the affected system. An exploit could allow the attacker to modify or delete data from the Web Conferencing database.
This vulnerability is documented in Cisco bug ID CSCtx08939 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-0337.
CVE Information:
CVE-2012-0337
Disclosure Timeline:
Published: April 18 2012
Updated: November 01 2012