CVE-2009-2234

Name of the Vulnerable Software and Affected Versions VICIDIAL Call Center Suite version 2.0.5-173

Description The issue concerns SQL injection vulnerabilities in the admin.php file. Remote attackers can execute arbitrary SQL commands by exploiting the Username parameter ($PHP AUTH USER) and the Password parameter ($PHP AUTH PW).

Recommendations For VICIDIAL Call Center Suite version 2.0.5-173, consider restricting access to the admin.php file until a patch is available. As a temporary workaround, avoid using the $PHP AUTH USER and $PHP AUTH PW parameters in the affected API endpoint.