CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-04-04T00:00:00

Updated: 2024-08-02T11:18:36.342Z

Reserved: 2023-02-06T00:00:00

Link: CVE-2023-25356

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-04-04T13:15:08.713

Modified: 2023-04-11T14:38:41.287

Link: CVE-2023-25356

cve-icon Redhat

No data.