Remote Command Execution Vulnerability in VICIDIAL Dialer by VICIDIAL Group
CVE-2013-4468

Currently unrated

Key Information:

Vendor

Vicidial

Status
Vicidial
Vendor
CVE Published:
14 May 2014

What is CVE-2013-4468?

The VICIDIAL dialer is susceptible to a remote command execution vulnerability that allows authenticated users to inject arbitrary commands. This occurs through shell metacharacters in the extension parameter during the OriginateVDRelogin action in the manager_send.php script. Exploit of this vulnerability can lead to unauthorized access and execution of commands on the server, potentially compromising the entire system. Users are advised to update to later versions or apply security patches promptly to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://adamcaudill.com/2013/10/23/vicidial-multiple-vuln...
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/10/23/10
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2013/10/25/1
mailing-listx_refsource_MLIST

EPSS Score

82% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.