Voipmonitor: >> Voipmonitor Security Vulnerabilities
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-06-17
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root.
CVSS Score
8.8
EPSS Score
0.039
Published
2022-02-04
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request.
CVSS Score
9.8
EPSS Score
0.029
Published
2022-02-04
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.
CVSS Score
9.8
EPSS Score
0.898
Published
2022-02-04
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.
CVSS Score
9.8
EPSS Score
0.933
Published
2021-05-29