Vulnerability Information
Vulnerability Title
VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password
Vulnerability Description
An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidial_sales_viewer.php component when password encryption is enabled (a non-default configuration). The application improperly passes the HTTP Basic Authentication password directly to a call to exec() without adequate sanitization. This allows remote attackers to inject and execute arbitrary operating system commands as the web server user. NOTE: This vulnerability was mitigated in 2017.
CVSS Information
N/A
Vulnerability Type
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
Vulnerability Title
VICIdial Security Vulnerability
Vulnerability Description
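VICIdial is a software suite from the VICIdial company. It is designed to interact with the Asterisk open-source PBX telephone system as a complete inbound/outbound contact center suite, and it also supports inbound email. VICIdial versions 2.9 RC1 through 2.13 RC1 contain a security vulnerability that stems from a command injection issue in the vicidial_sales_viewer.php component and may lead to remote code execution.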
CVSS Information
N/A
Vulnerability Type
N/A