Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/avaya-radvision-scopia-desktop-dlg_loginowneridjsp-ownerid-sql-injection.html

Date:
04-Apr-2017

Product:
Avaya Radvision SCOPIA Desktop

Versions affected:
v7.7.000.042 released in 2011 (confirmed)
v8.2.101.046 relased in 2013 (confirmed)

Vulnerability:
Blind SQL injection.

Vulnerability details:
The vulnerability exists within a HTTP POST request to gain access to
stored recordings.

Example:

POST…

Leave a Reply