Successful exploitation of the remote SQL injection results in database management system, web-server and web-application compromise. The security risk of the SQL injection vulnerability is estimated as high with a CVSS (Common Vulnerability Scoring System) score of 7.1. Exploitation of the remote SQL injection web vulnerability requires no user interaction but an agent or moderator web-application user account.
A remote SQL injection web vulnerability has been discovered in the official Vicidial v2.14-783a web-application. The vulnerability allows remote attackers to execute their own SQL commands to compromise the web-application or the connected DBMS.

The vulnerability is located in the `DB` parameter of the `AST_IVRstats.php`, `AST_LISTS_pass_report.php`, `AST_usergroup_login_report.php` and `admin_lists_custom.php` files. Remote attackers are able to execute SQL commands by injecting malicious statements via the GET method.

Restricted Authentication (User Privileges)

: Public Disclosure (Vulnerability Laboratory)
: Vendor Notification (Security Department)
2022-**-**: Vendor Response/Feedback (Security Department)
2022-**-**: Vendor Fix/Patch (Service Developer Team)
2022-**-**: Security Acknowledgements (Security Department)
: Researcher Notification & Coordination (Security Researcher)
Product: Ametys v4.4.1 - Content Management System (Web-Application)

The vulnerability laboratory core research team discovered a SQL injection web vulnerability in the Vicidial v2.14-783a web-application.

Interactive set of web pages that work through a web browser to give real-time information and functionality with nothing more than an internet browser on the client computer. The management interface is also web-based and offers the ability to view many real-time and summary reports as well as many detailed campaign and agent options and settings. VICIDIAL can function as an ACD for inbound calls or for Closer calls coming from VICIDIAL outbound fronters and even allows for remote agents logging in from remote locations as well as remote agents that may only

There are currently over 24,000 installations of VICIDIAL in production in over 100 countries around the world, several with over 300 agent seats and many with multiple locations.
Vicidial is a software suite that is designed to interact with the Asterisk Open-Source PBX Phone system to act as a complete inbound/outbound contact center suite with inbound email support as well.

Vicidial v2.14-783a - (DB) SQL Injection Web Vulnerability
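
A defender-side check for the issue described above, as an added example that is not part of the advisory or of Vicidial's code: it scans web-server access log lines for authenticated requests to the four named scripts whose `DB` value is not a plain integer. The log format, the `/app/` path, the sample lines and the integer-only rule for `DB` are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts the advisory names as reachable through the DB parameter.
AFFECTED = {"AST_IVRstats.php", "AST_LISTS_pass_report.php",
            "AST_usergroup_login_report.php", "admin_lists_custom.php"}

# Assumption: Apache/nginx "combined" style lines (host ident user [time] "request" ...).
LINE_RE = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[[^\]]*\] "[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a legitimate DB value is a short unsigned integer.
SAFE_DB = re.compile(r"\d{1,2}")


def suspicious_db_requests(lines):
    """Return (line_no, user, script, decoded_db_value) for every request to an
    affected script whose DB parameter is not a plain integer."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        script = url.path.rsplit("/", 1)[-1]
        if script not in AFFECTED:
            continue
        # parse_qs percent-decodes values and keeps repeated parameters,
        # so an encoded or duplicated DB value is checked as well.
        for value in parse_qs(url.query, keep_blank_values=True).get("DB", []):
            if not SAFE_DB.fullmatch(value):
                hits.append((line_no, m.group("user"), script, value))
    return hits


# Constructed sample log lines (addresses, users and the /app/ path are made up).
SAMPLE_LOG = [
    '198.51.100.7 - agent1 [01/Jan/2022:10:00:00 +0000] "GET /app/AST_IVRstats.php?DB=0 HTTP/1.1" 200 5120',
    '198.51.100.9 - agent2 [01/Jan/2022:10:02:11 +0000] "GET /app/admin_lists_custom.php?DB=1%27 HTTP/1.1" 200 812',
    '198.51.100.9 - agent2 [01/Jan/2022:10:02:15 +0000] "GET /app/welcome.php?DB=x HTTP/1.1" 200 300',
    '198.51.100.4 - mod1 [01/Jan/2022:10:05:40 +0000] "GET /app/AST_LISTS_pass_report.php?DB=0&DB=abc HTTP/1.1" 200 977',
]

if __name__ == "__main__":
    for hit in suspicious_db_requests(SAMPLE_LOG):
        print(hit)
```

Because the advisory states that an agent or moderator account is required, the logged user name in each hit points to the account to review.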