Vulnerability Vicidial 11 php

All installation and configuration problems and questions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

Vulnerability Vicidial 11 php

Postby josnad » Thu May 09, 2024 12:13 pm

Hi every one

I have install a vicidial 11,SO OpenSuse 15.5, SVN 3831, asterisk 16.30.0-vici, ram 8G, this severs are in cluster.

A vulnerability has been found with php 7.4.33 of version 11 of vicidial.

Criticism: Version detection not compatible with PHP (port: 80 - 443)
josnad
 
Posts: 5
Joined: Mon May 06, 2024 4:59 pm

Re: Vulnerability Vicidial 11 php

Postby mflorell » Thu May 09, 2024 9:51 pm

What is the exact vulnerability that was found?
mflorell
Site Admin
 
Posts: 18386
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: Vulnerability Vicidial 11 php

Postby josnad » Fri May 10, 2024 11:30 am

The scan was done by the Nessus app


Vulnerabilities
58987 - PHP Unsupported Version Detection
Synopsis
The remote host contains an unsupported version of a web application scripting language.
Description
According to its version, the installation of PHP on the remote host is no longer supported.
Lack of support implies that no new security patches for the product will be released by the vendor. As a
result, it is likely to contain security vulnerabilities.
See Also
http://php.net/eol.php
https://wiki.php.net/rfc/releaseprocess


The same scan was carried out for version 10 of vicidial with OS 15.3 and this vulnerability did not appear
josnad
 
Posts: 5
Joined: Mon May 06, 2024 4:59 pm

Re: Vulnerability Vicidial 11 php

Postby josnad » Fri May 17, 2024 12:12 pm

Hi

Any know some solution for this vulnerability?
josnad
 
Posts: 5
Joined: Mon May 06, 2024 4:59 pm

Re: Vulnerability Vicidial 11 php

Postby alo » Sat May 18, 2024 7:31 pm

your message does not seem to imply that there is any specific vulnerability at all. other then the fact its out dated and I suppose that could be considered a vulnerability itself. do you update vicibox 11 after installing?
alo
 
Posts: 197
Joined: Wed Jun 20, 2012 10:21 am

Re: Vulnerability Vicidial 11 php

Postby josnad » Mon May 20, 2024 12:01 pm

Of course, but then if there is an update that corrects the reported error, what is it?

1 2024-05-16 07:16:28 yast lan
2 2024-05-16 07:18:16 ip a
3 2024-05-16 12:26:33 zypper update -y
4 2024-05-16 12:48:13 reboot

513 packages were installed
josnad
 
Posts: 5
Joined: Mon May 06, 2024 4:59 pm

Re: Vulnerability Vicidial 11 php

Postby carpenox » Wed May 29, 2024 7:20 am

its because php 7.4 is EOL, however vicidial doesnt support php8 just yet
Alma Linux 9.4 | SVN Version: 3890 | DB Schema Version: 1721 | Asterisk 18.21.1 | PHP8
www.dialer.one -:- 1-833-DIALER-1 -:- https://linktr.ee/CyburDial -:- WA: +19549477572
GC: https://join.skype.com/ujkQ7i5lV78O | DC: https://discord.gg/DVktk6smbh
carpenox
 
Posts: 2426
Joined: Wed Apr 08, 2020 2:02 am
Location: St Petersburg, FL

Re: Vulnerability Vicidial 11 php

Postby mflorell » Tue Aug 06, 2024 11:28 am

We just committed hundreds of changes to our PHP codebase for PHP8 support in VICIdial. Check out svn/trunk revision 3863 or higher to test it out!
mflorell
Site Admin
 
Posts: 18386
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida


Return to Support

Who is online

Users browsing this forum: Google [Bot] and 51 guests