CVE-2023-25356 Information

Description

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command which can be used to read files from and write files to the sipXcom server. This can also be leveraged to gain remote command execution.

Reference

https://seclists.org/fulldisclosure/2023/Mar/5