PT-2021-23599 · Imagicle · Imagicle Application Suite
Dawid Czarnecki · Published 2021-10-14 · Updated 2023-09-28 · CVE-2021-42369
CVSS v3.1: 9.9 (Critical)
Vector: AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N
Name of the Vulnerable Software and Affected Versions
Imagicle Application Suite (for Cisco UC) versions prior to 2021.Summer.2
Description
The issue is a SQL injection: a low-privileged user can inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.
Recommendations
For versions prior to 2021.Summer.2, update to version 2021.Summer.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Export to CSV" feature of the Contact Manager web GUI to minimize the risk of exploitation.
Exploit
Fix
SQL injection
Affected Products
Imagicle Application Suite