mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-16 20:27:21 +00:00
22 lines
1.2 KiB
Markdown
22 lines
1.2 KiB
Markdown
|
### [CVE-2019-15972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15972)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
No PoCs from references.
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
- https://github.com/0xT11/CVE-POC
|
||
|
|
- https://github.com/20142995/sectool
|
||
|
|
- https://github.com/FSecureLABS/Cisco-UCM-SQLi-Scripts
|
||
|
|
- https://github.com/developer3000S/PoC-in-GitHub
|
||
|
|
- https://github.com/hectorgie/PoC-in-GitHub
|
||
|
|
|