Vicidial Vicidial
9 CVEs affecting Vicidial Vicidial. Latest disclosed: 2024-09-10. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-34879 | Medium | 6.5 | 2022-07-05 | Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_a… |
| CVE-2022-34877 | Medium | 6.4 | 2022-07-05 | SQL Injection vulnerability in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoo… |
| CVE-2022-34878 | Medium | 5.5 | 2022-07-05 | SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, t… |
| CVE-2022-34876 | Medium | 5.5 | 2022-07-05 | SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters a… |
| CVE-2024-8504 | | | 2024-09-10 | An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-20… |
| CVE-2024-8503 | | | 2024-09-10 | An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaint… |
| CVE-2013-7382 | | | 2014-05-17 | VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which m… |
| CVE-2013-4468 | | | 2014-05-14 | VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metachar… |
| CVE-2013-4467 | | | 2014-03-11 | Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1)… |