SQL Injection Vulnerabilities in VICIDIAL Call Center Suite by VICIdial Group
CVE-2009-2234

Currently unrated

Key Information:

Vendor: Vicidial
Status: Call Center Suite
Vendor: CVE Published:; 27 June 2009

What is CVE-2009-2234?

Multiple vulnerabilities in the VICIDIAL Call Center Suite's admin.php file permit remote attackers to exploit SQL injection flaws. By manipulating the Username and Password parameters, attackers can execute arbitrary SQL commands. This security issue can be leveraged to gain unauthorized access to sensitive data and compromise system integrity.

References

http://www.securityfocus.com/bid/35056

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/50665

vdb-entryx_refsource_XF

http://www.eflo.net/vicidial/security_fix_admin_20090522....

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2009
Vulnerability Reserved
Jun 27, 2009

Vicidial

What is CVE-2009-2234?

References

Timeline