VYPR
Unrated severityNVD Advisory· Published Mar 11, 2014· Updated Jun 16, 2026

CVE-2013-4467

CVE-2013-4467

Description

Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Vicidial/Vicidial4 versions
    cpe:2.3:a:vicidial:vicidial:*:-:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:vicidial:vicidial:*:-:*:*:*:*:*:*range: <=2.7
    • cpe:2.3:a:vicidial:vicidial:2.7:rc1:*:*:*:*:*:*
    • cpe:2.3:a:vicidial:vicidial:2.8:403a:*:*:*:*:*:*
    • (no CPE)range: <=2.8-403a

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.