SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.mitel.com/-/media/mitel/pdf/security-advisories/security-bulletin-19-0003-001.pdf - Vendor Advisory | |
References | () https://www.mitel.com/en-gb/support/security-advisories/mitel-product-security-adivsory-19-0003-001 - Vendor Advisory |
Information
Published : 2019-04-25 19:29
Updated : 2024-11-21 03:55
NVD link : CVE-2018-18286
Mitre link : CVE-2018-18286
CVE.ORG link : CVE-2018-18286
JSON object : View
Products Affected
mitel
- cmg_suite
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')