VICIDIAL Call Center Suite Multiple SQL Injection Vulnerabilities

Summary
This host is installed with VICIDIAL Call Center Suite and is prone to multiple SQL Injection vulnerabilities.
Impact
Attackers can exploit this issue via specially crafted SQL statements to access and modify the back-end database. Impact Level: Application
Solution
Apply the available patch. http://www.eflo.net/vicidial/security_fix_admin_20090522.patch ***** NOTE: Ignore this warning if the above mentioned patch is already applied. *****
Insight
This flaw occurs due to lack of sanitation of user supplied data passed into the admin.php and can be exploited via username and password parameters.
Affected
VICIDIAL Call Center Suite 2.0.5 through 2.0.5-173
References