From thehackernews.com
Critical security vulnerabilities have been uncovered in VoIPmonitor software that, if successfully exploited, could allow unauthenticated attackers to escalate privileges to the administrator level and execute arbitrary commands.
Following responsible disclosure on December 15, 2021, by researchers from Kerbit, an Ethiopia-based penetration-testing and vulnerability research firm, the issues were addressed in version 24.97 of the WEB GUI, shipped on January 11, 2022.
“[F]ix critical vulnerabilities – new SQL injects for unauthenticated users allowing gaining admin privileges,” the maintainers of VoIPmonitor noted in the change log.