EUVD-2022-29169

Malicious code in bioql PyPI...

CVE-2022-24262

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...

CVE-2022-24260

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...

CVE-2022-24259

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...

CVE-2022-24262

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...

CVE-2022-24260

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...

CVE-2022-24259

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...

CVE-2022-24259

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...

CVE-2022-24260

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...

Command injection

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...

Cross site request forgery (csrf)

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...

Sql injection

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...

CVE-2022-24262

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...

CVE-2022-24260

Voipmonitor GUI contains a pre-auth SQL injection (CVE-2022-24260 ) in the API/utility paths (api.php and utilities.php) prior to v24.96 that allows an attacker to escalate to Administrator privileges and potentially extract data. The Nuclei template confirms the vulnerability class and affected ...

CVE-2022-24259

VoIPmonitor GUI (cdr.php) contains an incorrect check in versions before 24.96, enabling an unauthenticated attacker to escalate privileges via a crafted request. Affected software: VoIPmonitor GUI; root cause: faulty access check in cdr.php leading to privilege escalation. Impact: unauthenticate...

CVE-2022-24260

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...

CVE-2022-24259

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...