Mitel MiCollab SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the Suite Applications Services component of Mitel MiCollab versions 10.0 prior to 10.0 SP1 FP1 and 9.8 SP3 and earlier. Because of insufficient input validation, an authenticated attacker can potentially execute arbitrary SQL commands. Successful exploitation could give access to user provisioning information and disrupt the system's database operations.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user provisioning data and the ability to execute arbitrary SQL commands, with possible negative effects on the system's data integrity and availability.

Remediation

Users are advised to upgrade to MiCollab version 10.1 or 9.8 SP3 FP1. For those unable to upgrade immediately, Mitel has provided patches for versions 10.0 prior to 10.0 SP1 FP1 and 9.8 through 9.8 SP3. Instructions for applying these patches are available in the Mitel Knowledge Base article SO8565.

Added: Aug 8, 2025, 6:23 PM
Updated: Aug 8, 2025, 8:10 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 3.8
exploitability: 5.2
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.