CVE-2013-4467
VICIDIAL < 2.7 - SQL Injection via Campaign Variable in SCRIPT_multirecording_AJAX.php
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2013-4467.
PoCs published by Metasploit, including Metasploit module exploits/unix/webapp/vicidial_manager_send_cmd_exec.
AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in VICIdial's manager_send.php, leveraging SQL injection to bypass session checks and execute arbitrary commands. It includes authentication bypass via default credentials and session creation if necessary.
Description
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information.
Exploits (2)
This Metasploit module exploits a command injection vulnerability in VICIdial's manager_send.php, leveraging SQL injection to bypass session checks and execute arbitrary commands. It includes authentication bypass via default credentials and session creation if necessary.
This Metasploit module exploits an OS command injection vulnerability in VICIdial's manager_send.php via unsanitized input passed to PHP's passthru() function. It also leverages a SQL injection to bypass session checks and includes default credentials for authentication.