CVE-2011-1609
Cisco Unified Communications Manager <6.1.5su2-8.5.1 - SQL Injection
Title source: llmDescription
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Alberto Revelli · textwebappsjsp
https://www.exploit-db.com/exploits/35672
References (7)
Core 7
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1122
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44331
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025449
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67125
Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/47605
Scores
EPSS
0.0182
EPSS Percentile
83.1%
Details
CWE
CWE-89
Status
published
Products (45)
cisco/unified_communications_manager
6.0
cisco/unified_communications_manager
6.1\(1\)
cisco/unified_communications_manager
6.1\(1a\)
cisco/unified_communications_manager
6.1\(1b\)
cisco/unified_communications_manager
6.1\(2\)
cisco/unified_communications_manager
6.1\(2\)su1
cisco/unified_communications_manager
6.1\(2\)su1a
cisco/unified_communications_manager
6.1\(3\)
cisco/unified_communications_manager
6.1\(3a\)
cisco/unified_communications_manager
6.1\(3b\)
... and 35 more
Published
May 03, 2011
Tracked Since
Feb 18, 2026