A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.
9.8CVSS
9.7AI Score
0.956EPSS
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter.
9.8CVSS
9.8AI Score
0.001EPSS
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request.
9.8CVSS
9.4AI Score
0.002EPSS
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root.
8.8CVSS
9.2AI Score
0.003EPSS