Vulnerabilities > Voipmonitor

DATE CVE VULNERABILITY TITLE RISK
2022-06-17 CVE-2021-41408 SQL Injection vulnerability in Voipmonitor 24.61
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter.
network
low complexity
voipmonitor CWE-89
critical
9.8
2022-02-04 CVE-2022-24259 Improper Authentication vulnerability in Voipmonitor
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request.
network
low complexity
voipmonitor CWE-287
critical
9.8
2022-02-04 CVE-2022-24260 SQL Injection vulnerability in Voipmonitor
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.
network
low complexity
voipmonitor CWE-89
critical
9.8
2022-02-04 CVE-2022-24262 Unrestricted Upload of File with Dangerous Type vulnerability in Voipmonitor
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root.
network
low complexity
voipmonitor CWE-434
8.8
2021-05-29 CVE-2021-30461 Code Injection vulnerability in Voipmonitor
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61.
network
low complexity
voipmonitor CWE-94
critical
9.8