VICIdial user_authorization Unauthenticated Command Execution

VICIdial user_authorization Unauthenticated Command Execution

This Metasploit module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user’s password supplied using HTTP basic authentication is used in a […]

The post VICIdial user_authorization Unauthenticated Command Execution appeared first on MondoUnix.