CNNVD-202507-1538 Information

CNNVD ID

CNNVD-202507-1538

CVE-2025-34099

  • CNNVD Published: 2025-07-10

Description (Chinese)

VICIdial是VICIdial公司的一个软件套件。旨在与 Asterisk 开源 Pbx 电话系统交互,作为一个完整的呼入/呼出联络中心套件,同时支持呼入电子邮件。 VICIdial 2.9 RC1至2.13 RC1版本存在安全漏洞,该漏洞源于vicidial_sales_viewer.php组件中的命令注入问题,可能导致远程代码执行。

Description (English)

VICIdial is a software suite from the VICIdial company. It is designed to interact with the Asterisk open-source PBX telephone system as a complete inbound/outbound contact center suite, and it also supports inbound email. VICIdial versions 2.9 RC1 through 2.13 RC1 contain a security vulnerability that stems from a command injection issue in the vicidial_sales_viewer.php component and may lead to remote code execution.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

VICIdial

Published

2025-07-10

Last Modified

2026-02-24

References

  • https://vulncheck.com/advisories/vicidial-unauth-command-injection
  • https://www.exploit-db.com/exploits/42370
  • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/vicidial_user_authorization_unauth_cmd_exec.rb
  • https://www.vicidial.org/VICIDIALmantis/view.php?id=1016
  • https://access.redhat.com/security/cve/cve-2025-34099
  • https://nvd.nist.gov/vuln/detail/CVE-2025-34099
