SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.
https://exchange.xforce.ibmcloud.com/vulnerabilities/67125
http://www.vupen.com/english/advisories/2011/1122
http://www.securitytracker.com/id?1025449
http://www.securityfocus.com/bid/47605
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml
http://secunia.com/advisories/44331
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html