SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
Conclusion & alert: CVE-2008-0026 is rated High Exploit Risk (60.4/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.36%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| 31189 | exploit_db | edb | 2008-02-13 | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-04-05 | 0.26% | 0.36% | +0.10% |
| 2 | 2025-03-17 | 0.16% | 0.26% | +0.09% |
| 3 | 2024-08-26 | — | 0.16% | — |
Full EPSS history (8 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 6.5 | 2.0 | MEDIUM |
|
8.0 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| cisco | unified_callmanager | 5.0 | cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:* |
| cisco | unified_callmanager | 5.0\(1\) | cpe:2.3:a:cisco:unified_callmanager:5.0\(1\):*:*:*:*:*:*:* |
| cisco | unified_callmanager | 5.0\(2\) | cpe:2.3:a:cisco:unified_callmanager:5.0\(2\):*:*:*:*:*:*:* |
| cisco | unified_callmanager | 5.0\(3\) | cpe:2.3:a:cisco:unified_callmanager:5.0\(3\):*:*:*:*:*:*:* |
| cisco | unified_callmanager | 5.0\(3a\) | cpe:2.3:a:cisco:unified_callmanager:5.0\(3a\):*:*:*:*:*:*:* |
| cisco | unified_callmanager | 5.0\(4\) | cpe:2.3:a:cisco:unified_callmanager:5.0\(4\):*:*:*:*:*:*:* |
| cisco | unified_callmanager | 5.0_4a | cpe:2.3:a:cisco:unified_callmanager:5.0_4a:*:*:*:*:*:*:* |
| cisco | unified_callmanager | 5.1 | cpe:2.3:a:cisco:unified_callmanager:5.1:*:*:*:*:*:*:* |
| cisco | unified_callmanager | 6.0 | cpe:2.3:a:cisco:unified_callmanager:6.0:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 5.0 | cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 5.0_1 | cpe:2.3:a:cisco:unified_communications_manager:5.0_1:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 5.0_2 | cpe:2.3:a:cisco:unified_communications_manager:5.0_2:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 5.0_3 | cpe:2.3:a:cisco:unified_communications_manager:5.0_3:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 5.0_3a | cpe:2.3:a:cisco:unified_communications_manager:5.0_3a:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 5.0_4 | cpe:2.3:a:cisco:unified_communications_manager:5.0_4:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 5.0_4a | cpe:2.3:a:cisco:unified_communications_manager:5.0_4a:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 5.0_4a_su1 | cpe:2.3:a:cisco:unified_communications_manager:5.0_4a_su1:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 6.0 | cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 6.0_1 | cpe:2.3:a:cisco:unified_communications_manager:6.0_1:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 6.1 | cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:* |