| Title | For IP Tecnologia Ltda ForIP Tecnologia - Administração PABX 1.x SQL Injection |
|---|
| Description | An SQL injection vulnerability was found in the VOIP management software "ForIP Tecnologia - Administração PABX," where an authenticated user can inject SQL code into the database through an "id" parameter. This allows the use of automated tools like SQLmap to perform a full dump of the stored information.
All versions of the product are affected! |
|---|
| Source | ⚠️ https://docs.google.com/document/d/1Q3kLR-HXSmj1LFpnCAt964YHACWwdckz4O8n4ocgB1I/edit?usp=sharing |
|---|
| User | gabriel (UID 72007) |
|---|
| Submission | 07/17/2024 21:36 (2 years ago) |
|---|
| Moderation | 07/25/2024 14:41 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 272430 [ForIP Tecnologia Administração PABX 1.x Lista Ura Page /detalheIdUra ID sql injection] |
|---|
| Points | 18 |
|---|