Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
VICIDIAL ‘manager_send.php’SQL注入漏洞
Vulnerability Description
VICIDIAL dialer(又名Asterisk GUI client)是美国Vicidial集团所负责维护的一套基于Asterisk的开源PBX系统,也是一个用于处理大量呼入、呼出的呼叫中心软件包。 VICIDIAL dialer 2.7及之前版本中的代理界面(agc/)中存在SQL注入漏洞,该漏洞源于SCRIPT_multirecording_AJAX.php脚本没有充分过滤‘campaign’参数和manager_send.php脚本没有正确过滤‘server_ip parameter’参数。远
CVSS Information
N/A
Vulnerability Type
N/A