Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password
Vulnerability Description
An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidial_sales_viewer.php component when password encryption is enabled (a non-default configuration). The application improperly passes the HTTP Basic Authentication password directly to a call to exec() without adequate sanitation. This allows remote attackers to inject and execute arbitrary operating system commands as the web server user. NOTE: This vulnerability was mitigated in 2017.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
VICIdial 安全漏洞
Vulnerability Description
VICIdial是VICIdial公司的一个软件套件。旨在与 Asterisk 开源 Pbx 电话系统交互,作为一个完整的呼入/呼出联络中心套件,同时支持呼入电子邮件。 VICIdial 2.9 RC1至2.13 RC1版本存在安全漏洞,该漏洞源于vicidial_sales_viewer.php组件中的命令注入问题,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A