Security Advisory – SQL Injection Vulnerability in MiCollab

Mitel has identified a SQL injection vulnerability in MiCollab (versions 9.7.1.110 and earlier), which could allow attackers to execute arbitrary database commands. The vulnerability, with high-risk assessment, is patched in the latest software releases. Mitel advises updating affected systems to mitigate the risk. CVEs associated with this issue are 2024-30157 and 2024-30158.

For more details, visit the Mitel Product Security Advisory.