Striker7

#37061 of 53,630
7.5 Total CVSS
Vulnerabilities · 1
PT-2009-4683
7.5
2009-06-27
Vicidial · Vicidial Call Center Suite · CVE-2009-2234
**Name of the Vulnerable Software and Affected Versions**

VICIDIAL Call Center Suite version 2.0.5-173

**Description**

The issue concerns SQL injection vulnerabilities in the admin.php file. Remote attackers can execute arbitrary SQL commands by exploiting the `Username` parameter (`$PHP_AUTH_USER`) and the `Password` parameter (`$PHP_AUTH_PW`).

**Recommendations**

For VICIDIAL Call Center Suite version 2.0.5-173, consider restricting access to the admin.php file until a patch is available. As a temporary workaround, avoid using the `$PHP_AUTH_USER` and `$PHP_AUTH_PW` parameters in the affected API endpoint.