5 matches found
VICIdial Manager Send OS Command Injection
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...
CVE-2013-4468
CVE-2013-4468 concerns VICIDIAL dialer (Asterisk GUI client) where remote authenticated users can execute arbitrary commands via shell metacharacters in the extension parameter of an OriginateVDRelogin action to manager_send.php. Affected versions include 2.7RC1, 2.7, and 2.8-403a and earlier. Th...
CVE-2013-4468
VICIDIAL dialer aka Asterisk GUI client 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to managersend.php...
VICIdial Manager Send OS Command Injection (CVE-2013-4468)
An OS Command Injection vulnerability has been reported in VICIdial Manager. The vulnerability is due to a web application uses unsanitized user input. A remote attacker could trigger this flaw by using a crafted SQL parameter value...
CVE-2013-4468
creationtimestamp| type| source ---|---|--- 2013-11-08 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/29513 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/vicidialmanagersendcmdexec.rb 2025-02-06...