CVE-2022-34877

CVE Database · CVE-2022-34877

CVE-2022-34877

· MEDIUMModified

CVSS v3.1

6.4

EPSS

2.69%

Published

Jul 5, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-89CWE-89

Affected Products (1)

vicidial · vicidialvulnerable

References (4)

https://github.com/rapid7/metasploit-framework/pull/16732

PatchThird Party Advisory

https://www.vicidial.org/VICIDIALforum/viewtopic.php?f=4&t=41300&sid=aacb27a29fefd85265b4d55fe51122af

Vendor Advisory

https://github.com/rapid7/metasploit-framework/pull/16732

PatchThird Party Advisory

https://www.vicidial.org/VICIDIALforum/viewtopic.php?f=4&t=41300&sid=aacb27a29fefd85265b4d55fe51122af

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs