Sytel Ltd Softdial Contact Center vulnerabilities
3 known vulnerabilities affecting sytel_ltd/softdial_contact_center.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 1, MEDIUM: 1
Vulnerabilities
CVE-2025-2494 | P2 | CRITICAL | CVSS 9.8 | all versions | 2025-03-18
CVE-2025-2494 [CRITICAL] CWE-434
Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the ‘/softdial/phpconsole/upload.php’ endpoint, which is protected by basic HTTP authentication. The files are uploaded to a directory exposed by the web application, which could result in code execution, givi
Source: NVD
CVE-2025-2493 | P3 | HIGH | CVSS 7.5 | all versions | 2025-03-18
CVE-2025-2493 [HIGH] CWE-22
Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to manipulate the ‘id’ parameter of the ‘/softdial/scheduler/load.php’ endpoint to navigate beyond the intended directory. This can allow unauthorised access to sensitive files outside the expected scope, posing a security risk.
Source: NVD
CVE-2025-2495 | P4 | MEDIUM | CVSS 5.4 | all versions | 2025-03-18
CVE-2025-2495 [MEDIUM] CWE-79
Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the ‘/softdial/scheduler/load.php’ resource and can redirect
Source: NVD