Vulnerabilities > Mitel > Mivoice Office 400 SMB Controller Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-14 | CVE-2023-39292 | SQL Injection vulnerability in Mitel products A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations. | 9.8 |
| 2023-08-14 | CVE-2023-39293 | Command Injection vulnerability in Mitel products A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system. | 9.8 |