Arbitrary SQL Command Execution in Dialogic PowerMedia XMS Administrative Console

Arbitrary SQL Command Execution in Dialogic PowerMedia XMS Administrative Console

CVE-2018-11643 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.

Learn more about our User Device Pen Test.