Vulnerability: Blind SQL injection.

PostPosted: Wed Nov 15, 2017 3:41 am
by nidhinca
There is a critical vulnerability discovered on the Predictive Dialer Application by scanning with Qualys.Express.

http://10.10.99.1/agc.new/astguiclient.php
http://10.10.99.1/

Issue: Blind SQL injection. This gives access to the back end database of the application.

Installation details:

Centos 6.5 64Bit

Astguiclient:

Version: 2.10-401a

Build: 630508-2256


Kindly also avail us the root cause of this and fix these issues.

Re: Vulnerability: Blind SQL injection.

PostPosted: Wed Nov 15, 2017 6:04 am
by mflorell
That version is years old and we have patched many security holes since then. I would suggest upgrading to the latest svn/trunk version if you want a secure system.

Re: Vulnerability: Blind SQL injection.

PostPosted: Tue Dec 19, 2017 8:21 am
by nidhinca
Thanks for the reply. As we have done multiple customizations on the existing server, we will not be able to change the version.