Slican: >> Ncp Server Cm400p.1bc Security Vulnerabilities
Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/session_ajax.php endpoint.
This issue was fixed in version 1.24.0190 (Slican NCP) and 6.61.0010 (Slican IPL/IPM/IPU).
CVSS Score
9.3
EPSS Score
0.001
Published
2026-02-24