Posted by Patrick Webster via Fulldisclosure on Apr 04
Date:
04-Apr-2017
Product:
Avaya Radvision SCOPIA Desktop
Versions affected:
v7.7.000.042 released in 2011 (confirmed)
v8.2.101.046 relased in 2013 (confirmed)
Vulnerability:
Blind SQL injection.
Vulnerability details:
The vulnerability exists within a HTTP POST request to gain access to
stored recordings.
Example:
POST…