High severity8.8NVD Advisory· Published Apr 4, 2023· Updated Jun 17, 2026
CVE-2023-25356
CVE-2023-25356
Description
CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution.
Affected products
2- CoreDial/sipXcomdescription
Patches
Vulnerability mechanics
References
1- seclists.org/fulldisclosure/2023/Mar/5nvdExploitMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.