| |
Podatność CVE-2023-25356
Publikacja: 2023-04-04
| Opis: |
CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution. |
W naszej bazie, znaleźliśmy następujące noty dla tego CVE: | Tytuł | Autor | Data |
High |
| Systems Research... | 08.03.2023 |
Typ:
CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
)
Referencje: |
https://seclists.org/fulldisclosure/2023/Mar/5
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
Polish
English