Zenitel ICX-AlphaCom and AlphaCom XE SQL Injection Vulnerability

Vulnerability

A vulnerability exists in Zenitel's ICX-AlphaCom v1.5.3.3 and AlphaCom XE versions up to 13.1.3.16, along with BSP 32.4.3.12. This vulnerability allows unauthenticated attackers to inject SQL queries through GET request parameters, enabling direct manipulation of the underlying database.

Impact

Exploitation of this vulnerability could lead to unauthorized database access and manipulation, allowing attackers to execute arbitrary SQL commands.

Remediation

Users are advised to upgrade to Zenitel ICX-AlphaCom v1.5.3.3 or AlphaCom XE versions 13.1.3.16 and later. For VS-IS users, the vulnerability has been fixed in versions 9.3.3.1 and 8.2.3.5 (TCIV).

Added: Jan 9, 2026, 10:22 AM
Updated: Jan 9, 2026, 10:22 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.