Code injection

VICIDIAL dialer aka Asterisk GUI client 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to managersend.php...

CVE-2013-4468

VICIDIAL dialer aka Asterisk GUI client 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to managersend.php...

CVE-2013-4468

CVE-2013-4468 concerns VICIDIAL dialer (Asterisk GUI client) where remote authenticated users can execute arbitrary commands via shell metacharacters in the extension parameter of an OriginateVDRelogin action to manager_send.php. Affected versions include 2.7RC1, 2.7, and 2.8-403a and earlier. Th...

Sql injection

Multiple SQL injection vulnerabilities in the agent interface agc/ in VICIDIAL dialer aka Asterisk GUI client 2.8-403a, 2.7, 2.7RC1, and earlier allow 1 remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPTmultirecordingAJAX.php, 2 remote authenticated users to...

VICIdial Manager Send OS Command Injection Vulnerability

The file agc/managersend.php in the VICIdial web application uses unsanitized user input as part of a command that is executed using the PHP passthru function. A valid username, password and session are needed to access the injection point. Fortunately, VICIdial has two built-in accounts with...