CVE-2011-1609
Cisco Unified Communications Manager <6.1.5su2-8.5.1 - SQL Injection
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-1609. PoCs published by Alberto Revelli.
AI-analyzed exploit summary This exploit demonstrates SQL injection vulnerabilities in Cisco Unified Communications Manager by manipulating the 'f' parameter in the xmldirectorylist.jsp endpoint. The provided URLs show classic SQLi techniques to bypass authentication or cause errors.
Description
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.
Exploits (1)
This exploit demonstrates SQL injection vulnerabilities in Cisco Unified Communications Manager by manipulating the 'f' parameter in the xmldirectorylist.jsp endpoint. The provided URLs show classic SQLi techniques to bypass authentication or cause errors.