Vendor
VoIPmonitor
Products
2
CVEs
3
Across products
3
Status
Private
Products
2- 2 CVEs
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30461 | 0.07 | — | 0.37 | May 29, 2021 | A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php. | |||
| CVE-2021-41408 | 0.00 | — | 0.01 | Jun 17, 2022 | VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter. | |||
| CVE-2022-24262 | 0.00 | — | 0.02 | Feb 4, 2022 | The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. |
- CVE-2021-30461May 29, 2021risk 0.07cvss —epss 0.37
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.
- CVE-2021-41408Jun 17, 2022risk 0.00cvss —epss 0.01
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter.
- CVE-2022-24262Feb 4, 2022risk 0.00cvss —epss 0.02
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root.