TTCSIRT-187.120518: TT-CSIRT Advisory – Cisco Security Updates
Cisco has released a security update for a vulnerability it has discovered in the web framework code of Cisco Prime License Manager (PLM), which could allow an unauthenticated, remote attacker to execute arbitrary SQL queries.
The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit it by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application.
Further information on this vulnerability and how it can be mitigated can be found on the Cisco website at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject