VICIDIAL 'manager_send.php' CVE-2013-4468 Command Injection Vulnerability

VICIDIAL is prone to a command-injection vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary commands in the context of the affected application.

Note: The issue described by CVE-2013-4467 has been moved to BID 63340 (VICIDIAL 'manager_send.php' CVE-2013-4467 SQL Injection Vulnerability) for better documentation.

VICIDIAL 2.7RC1, 2.7 and 2.8-403a are vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus