CVE Vulnerabilities

CVE-2013-4468

Published: May 14, 2014 | Modified: May 15, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.

Affected Software

Name Vendor Start Version End Version
Vicidial Vicidial 2.7 2.7
Vicidial Vicidial * 2.8
Vicidial Vicidial 2.7 2.7

References