CVE-2024-8504

Name of the Vulnerable Software and Affected Versions VICIdial (affected versions not specified)

Description An authenticated attacker with agent access can execute arbitrary shell commands as the root user. This issue can be chained with another issue to execute arbitrary shell commands without authentication. The vulnerability relates to a lack of protection for the SQL query structure within the VERM AJAX functions.php script. Exploitation may allow a remote attacker to execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.