VICIDIAL Call Center Suite Multiple SQL Injection Vulnerabilities Network Vulnerability

Summary

This host is installed with VICIDIAL Call Center Suite and is prone to multiple SQL Injection vulnerabilities.

Impact

Attackers can exploit this issue via specially crafted SQL statements to access and modify the back-end database. Impact Level: Application

Solution

Apply the available patch. http://www.eflo.net/vicidial/security_fix_admin_20090522.patch ***** NOTE: Ignore this warning if the above mentioned patch is already applied. *****

Insight

This flaw occurs due to lack of sanitation of user supplied data passed into the admin.php and can be exploited via username and password parameters.

Affected

VICIDIAL Call Center Suite 2.0.5 through 2.0.5-173

References

http://www.eflo.net/VICIDIALforum/viewtopic.php?t=8075
http://xforce.iss.net/xforce/xfdb/50665

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-2234
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
4psa Voipnow Local File Inclusion Vulnerability
b2ePMS Multiple SQL Injection Vulnerabilities
ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
Admbook PHP Code Injection Flaw

Take action and discover your vulnerabilities