Vulnerability CVE-2023-25356


Published: 2023-04-04

Description:
CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution.

See advisories in our WLB2 database:
Risk: High
Topic: CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions
Author: Systems Research...
Date: 08.03.2023

Type: CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'))

References:
https://seclists.org/fulldisclosure/2023/Mar/5

Copyright 2024, cxsecurity.com

 
