Remote Command Execution Vulnerability in VICIDIAL Dialer by VICIDIAL Group
CVE-2013-4468

Currently unrated

Key Information:

Vendor

Vicidial

Status
Vicidial
Vendor
CVE Published:
14 May 2014

What is CVE-2013-4468?

The VICIDIAL dialer is susceptible to a remote command execution vulnerability that allows authenticated users to inject arbitrary commands. This occurs through shell metacharacters in the extension parameter during the OriginateVDRelogin action in the manager_send.php script. Exploit of this vulnerability can lead to unauthorized access and execution of commands on the server, potentially compromising the entire system. Users are advised to update to later versions or apply security patches promptly to mitigate risks.

References

https://adamcaudill.com/2013/10/23/vicidial-multiple-vuln...
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/10/23/10
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2013/10/25/1
mailing-listx_refsource_MLIST

EPSS Score

81% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.