SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.
https://exchange.xforce.ibmcloud.com/vulnerabilities/68737
http://www.securityfocus.com/bid/48812
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8915e.shtml