CVE-2019-1825

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to execute arbitrary SQL queries. This issue exists because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this by sending a crafted HTTP request containing malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.