Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dialogic PowerMedia XMS 管理控制台信任管理问题漏洞
Vulnerability Description
Dialogic PowerMedia XMS是美国Dialogic公司的一套用于实时通信的软件多媒体服务器,它能够为IMS、MRF、企业和WebRTC应用程序提供实时多媒体通信解决方案。 Dialogic PowerMedia XMS 3.5及之前的版本中的管理控制台的/var/www/xms/application/config/config.php文件存在安全漏洞,该漏洞源于程序使用硬编码的密钥来保护cookie会话数据。远程攻击者可利用该漏洞绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A