SQL Injection Vulnerability in Grandstream UCM6204 Devices

SQL Injection Vulnerability in Grandstream UCM6204 Devices

CVE-2019-10663 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.