cvelist | Rapid7 | CVELIST:CVE-2022-34876
History: Jun 30, 2022 - 12:00 a.m.

CVE-2022-34876 VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple SQL injection vulnerabilities at /vicidial/admin.php.

2022-06-30 00:00:00
CWE-89
rapid7
www.cve.org

CVSS3: 5.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

AI Score: 9.1 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 56.5%)

A SQL injection vulnerability in the admin interface (/vicidial/admin.php) of VICIdial, via the modify_email_accounts, access_recordings, and agentcall_email parameters, allows an attacker to spoof identity, tamper with existing data, cause the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrator of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.

CNA Affected

[
  {
    "product": "VICIdial",
    "vendor": "VICIdial",
    "versions": [
      {
        "lessThan": "3555",
        "status": "affected",
        "version": "2.14b0.5",
        "versionType": "custom"
      }
    ]
  }
]
