Multi-Tech FaxFinder prior to 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an malicious user to extract the underlying database schema to further disclose other fax server information through different injection points.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
multitech faxfinder |