CVE-2021-30461

CRITICAL EXPLOITED NUCLEI

VoIPmonitor <24.61 - RCE

Title source: llm

Description

A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.

Exploits (4)

nomisec WORKING POC 12 stars

by Al1ex · remote

https://github.com/Al1ex/CVE-2021-30461

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by Vulnmachines · remote

https://github.com/Vulnmachines/CVE-2021-30461

View Code ZIP pw:eip

nomisec WORKING POC

by daedalus · remote

https://github.com/daedalus/CVE-2021-30461

View Code ZIP pw:eip

nomisec WORKING POC

by puckiestyle · remote

https://github.com/puckiestyle/CVE-2021-30461

View Code ZIP pw:eip

Nuclei Templates (1)

VoipMonitor <24.61 - Remote Code Execution

CRITICALby shifacyclewala,hackergautam

Shodan: http.title:"VoIPmonitor" || http.title:"voipmonitor"

FOFA: title="voipmonitor"

References (1)

[Exploit, Third Party Advisory] https://ssd-disclosure.com/ssd-advisory--voipmonitor-unauth-rce

Scores

CVSS v3 9.8

EPSS 0.9338

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-09-06

CWE

CWE-94

Status published

Products (1)

voipmonitor/voipmonitor < 24.61

Published May 29, 2021

Tracked Since Feb 18, 2026