Solution #00006579
Scope:
Fixed in Barracuda Phone System firmware 2.6.003
Severity: High
Description:
The firmware update listed above fixed a blind SQL Injection vulnerability found in the Barracuda Phone System UI. Successful exploitation of this vulnerability could result in an information disclosure.
To ensure maximum protection Barracuda Networks recommends that all customers upgrade to the latest generally available firmware and enable all definition updates.
Credits:
Mateusz Goik
Link to this page:
https://campus.barracuda.com/solution/501600000013kNtAAI
*** Note that the Barracuda Phone System was formerly known as the Cudatel Communication Server