The SAS portal of Mitel MiCollab prior to 9.2 could allow an malicious user to access user credentials due to improper input validation, aka SQL Injection.
mitel micollab