CVE-2022-34877 MEDIUM

CVE-2022-34877: VICIDial 2.14b0.5 SVN 3550 was discovered to contains a SQL injection vulnerability at /vicidial/AST_agent_time_sheet.php.

Vendor Vicidial
Product VICIdial
Weakness CWE-89 · SQLi
Published July 5, 2022
Last update September 17, 2024
View on NVD All CVEs

CVSS base score

6.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.

Key dates

02Disclosure timeline

July 5, 2022 CVE published
September 17, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-1545 itsourcecode School Management System index.php sql injection CVE-2024-1702 keerti1924 PHP-MYSQL-User-Login-System edit.php sql injection CVE-2023-2410 SourceCodester AC Repair and Services System view_booking.php sql injection CVE-2026-2580 WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.9.1 - Unauthenticated SQL Injection via 'orderby' Parameter CVE-2024-55985 WordPress YDS Support Ticket System plugin <= 1.0 - SQL Injection vulnerability