VICIDIAL 'manager_send.php' CVE-2013-4467 SQL Injection Vulnerability

VICIDIAL is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input.

A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Note: This issue was previously covered in BID 63288 (VICIDIAL Multiple SQL Injection and Command Injection Vulnerabilities), but has been moved to its own record for better documentation.

VICIDIAL 2.7RC1, 2.7 and 2.8-403a are vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus