Cisco Unified MeetingPlace contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary SQL code on a targeted system.
The vulnerability is due to improper validation of user-supplied input to the web-based application interface. An authenticated, remote attacker could exploit this vulnerability by sending malicious requests to the system. If successful, the attacker could execute arbitrary SQL code against the database underlying the affected application.
Cisco has confirmed this vulnerability in a bug report and has released updated software.
To exploit this vulnerability, the attacker would need to authenticate to the targeted device. To achieve this objective, the attacker may need access to trusted, internal network resources. This access requirement reduces the exposure of this vulnerability.