2 results (0.001 seconds)

CVSS: 9.8EPSS: 77%CPEs: 1EXPL: 0

21 Oct 2024 — A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0014 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0

21 Oct 2024 — A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0013 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •