what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

CVE-2024-8504

VICIdial Authenticated Remote Code Execution

Posted Oct 1, 2024

Authored by Valentin Lobstein, Jaggar Henry | Site metasploit.com

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

tags | exploit, arbitrary, shell, root

advisories | CVE-2024-8504

SHA-256 | 2328f6faa4b6ae3ca330a27bb8694e1604bd747c455740abb7e147c4bd02a379

Download | Favorite | View

VICIdial SQL Injection / Remote Code Execution

Posted Sep 16, 2024

Authored by Chocapikk | Site github.com

Proof of concept exploit that allows an attacker to retrieve administrative credentials through SQL injection and ultimately execute arbitrary code on the target server.

tags | exploit, arbitrary, sql injection, proof of concept

advisories | CVE-2024-8503, CVE-2024-8504

SHA-256 | e281d48432c2585fa05b2517fffc0171d56091981f896fb78703333f642a73a5

Download | Favorite | View

VICIdial 2.14-917a Remote Code Execution

Posted Sep 11, 2024

Authored by Jaggar Henry | Site korelogic.com

An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

tags | exploit, arbitrary, shell, root

advisories | CVE-2024-8504

SHA-256 | 6b4666c70098b4747658896c605a4f2b8c41c41c51144da20cf5be37e90a20b0

Download | Favorite | View