Avaya Radvision SCOPIA Desktop SQL Injection Vulnerability

Avaya Radvision SCOPIA Desktop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Avaya Radvision SCOPIA Desktop version and are vulnerable.


Bugtraq ID: 97374
Class: Input Validation Error
Remote: Yes
Local: No
Published: Apr 04 2017 12:00AM
Credit: Patrick Webster
Vulnerable: Avaya Radvision Scopia Desktop
Avaya Radvision Scopia Desktop

Not Vulnerable:


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Related Posts