Vulnerabilities > Voipmonitor > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-06-17 CVE-2021-41408 SQL Injection vulnerability in Voipmonitor 24.61
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter.
network
low complexity
voipmonitor CWE-89
critical
 9.8
9.8
2022-02-04 CVE-2022-24259 Improper Authentication vulnerability in Voipmonitor
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request.
network
low complexity
voipmonitor CWE-287
critical
 9.8
9.8
2022-02-04 CVE-2022-24260 SQL Injection vulnerability in Voipmonitor
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.
network
low complexity
voipmonitor CWE-89
critical
 9.8
9.8
2021-05-29 CVE-2021-30461 Code Injection vulnerability in Voipmonitor
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61.
network
low complexity
voipmonitor CWE-94
critical
 9.8
9.8