Portcullis Security Advisory - The Cisco Unified CallManager is vulnerable to multiple SQL injections in the user interface as well as in the administration interface. Affected versions include 5.0.4.2000-1, 5.1, 6.0, and 6.1.
e72e770f10c4445cb4e5fcc7cd6d6c037951bda37c5e766f48015274febd3c88
Cisco Security Advisory - Cisco Unified Communications Manager is vulnerable to a SQL Injection attack in the parameter key of the admin and user interface pages. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database.
639e0e695b0229e11a5efa91427e8b5cc1a3516a903bcf4c8c00482f37667d65