CVE-2017-12227

Name of the Vulnerable Software and Affected Versions Cisco Emergency Responder (affected versions not specified)

Description A vulnerability in the SQL database interface could allow an authenticated, remote attacker to conduct a blind SQL injection attack. This is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this by sending crafted URLs that include SQL statements, potentially allowing them to view or modify database table entries and affect data integrity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.