Vicidial v2.14-783a - (DB) SQL Injection Web Vulnerability

Vicidial is a software suite that is designed to interact with the Asterisk Open-Source PBX Phone system to act as a complete inbound/outbound contact center suite with inbound email support as well. Interactive set of web pages that work through a web browser to give real-time information and functionality with nothing more than an internet browser on the client computer. The management interface is also web-based and offers the ability to view many real-time and summary reports as well as many detailed campaign and agent options and settings. VICIDIAL can function as an ACD for inbound calls or for Closer calls coming from VICIDIAL outbound fronters and even allows for remote agents logging in from remote locations as well as remote agents that may only There are currently over 24,000 installations of VICIDIAL in production in over 100 countries around the world, several with over 300 agent seats and many with multiple locations.

The vulnerability laboratory core research team discovered a SQL injection web vulnerability in the Vicidial v2.14-783a web-application.

Product: Ametys v4.4.1 - Content Management System (Web-Application)

Public Disclosure (Vulnerability Laboratory)
Vendor Notification (Security Department)
2022-**-**: Vendor Response/Feedback (Security Department)
2022-**-**: Vendor Fix/Patch (Service Developer Team)
2022-**-**: Security Acknowledgements (Security Department)
Researcher Notification & Coordination (Security Researcher)

Restricted Authentication (User Privileges)

A remote SQL injection web vulnerability has been discovered in the official Vicidial v2.14-783a web-application. The vulnerability allows remote attackers to execute their own SQL commands to compromise the web-application or the connected DBMS. The vulnerability is located in the `DB` parameter of the `AST_IVRstats.php`, `AST_LISTS_pass_report.php`, `AST_usergroup_login_report.php` and `admin_lists_custom.php` files.

I am trying to search the forums on how to install a vicidial from scratch that will install a build, Vicidial VERSION: 2.12-549a BUILD: 160404-0940 but cannot find one. I was able to install a certain asterisk version but I need the vicidial version so I can try and transfer an existing database on a new server.

iso installer to get the proper version of asterisk (from. r/archive/ ) and modify the svn trunk folder before installing vicibox using standard svn commands (see mflorell's link to the wiki instructions specific to vicidial). This will give you a stock Vicibox install with a proper environment without having to reinvent the wheel. Takes a couple hours max if you have to start over a couple times.

2) OR (recommended) Install the Latest Vicibox and upgrade your DB to match. This way you'll have the latest greatest code and all your data and avoid that wheel invention routine at the same time. Upgrade instructions are in /usr/src/astguiclient/trunk/UPGRADE. Verify the dialer works in autodial mode. Then restore the old DB and run the upgrade sql scripts. Then restore the system settings/server settings by copying the original tables from the fresh install or by modifying the necessary values in admin->System Settings and admin->Servers. Be sure to check all the "rebuild" options in admin->servers when you're in there. Then reboot and you should be fully operational.