2 results (0.007 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0009 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0008 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •