4 matches found
VICIdial Authenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VICIdial Authenticated Remote Code Execution', 'Description' = %q An attacker with authenticated access to VICIdial as an "agent" can execute...
CVE-2024-8504
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective...
CVE-2024-8504
CVE-2024-8504 is an authenticated Remote Code Execution in VICIdial (v2.14-917a) via OS command injection. An attacker with agent-level access can run commands as root; the issue can be chained with CVE-2024-8503 (unauthenticated SQLi) to escalate from unauthenticated context. Public sources conf...
Cross site request forgery (csrf)
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective...