Successful exploit allows execution of arbitrary SQL queries
28th November 2018, By Sergiu Gatlan
Cisco just patched a critical SQL injection vulnerability in the web framework code of Cisco Prime License Manager (PLM), a product designed to help administrators manage user licenses on an enterprise-wide scale.
Remote attackers who successfully exploit the security issue, CVE-2018-15441, could execute arbitrary SQL queries on vulnerable machines.
According to Cisco’s advisory detailing this SQL injection bug in the Cisco Prime License Manager solution, the issue is due to a “lack of proper validation of user-supplied input in SQL queries.”