Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24593
Reference (s):
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0010
- https://www.mitel.com/support/security-advisories