Voipmonitor Security Vulnerabilities and Issues — Voipmonitor CVE List

Lucene search

VoipmonitorVoipmonitor

5 matches found

CVE•added 2022/02/04 5:15 p.m.•169 views

CVE-2022-24260

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.

10CVSS9.8AI score0.89745EPSS

In wild

CVE•added 2021/05/29 2:15 p.m.•108 views

CVE-2021-30461

A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.

9.8CVSS9.7AI score0.93253EPSS

In wildWeb

CVE•added 2022/02/04 5:15 p.m.•63 views

CVE-2022-24259

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request.

9.8CVSS9.4AI score0.02918EPSS

CVE•added 2022/06/17 1:15 p.m.•53 views

CVE-2021-41408

VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter.

9.8CVSS9.8AI score0.00732EPSS

CVE•added 2022/02/04 5:15 p.m.•44 views

CVE-2022-24262

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root.

8.8CVSS9.2AI score0.03913EPSS