How severe is CVE-2019-12710?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2019-12710?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2019-12710 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted requests that contain malicious SQL statements to the affected application. A successful exploit could allow the attacker to determine the presence of certain values in the database, impacting the confidentiality of the system.

Related Vulnerabilities

CVE-2017-14600

MEDIUM

CVSS:4.9(Medium)

Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.

CWE-892017

CVE-2017-14601

MEDIUM

CVSS:4.9(Medium)

Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.

CWE-892017

CVE-2017-17822

MEDIUM

CVSS:4.9(Medium)

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQ...

CWE-892017

CVE-2017-17823

MEDIUM

CVSS:4.9(Medium)

The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connec...

CWE-892017

CVE-2017-17824

MEDIUM

CVSS:4.9(Medium)

The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the d...

CWE-892017

CVE-2017-3886

MEDIUM

CVSS:4.9(Medium)

A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, ...

CWE-892017