Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-7123

Exec shell on a host using bug in config.php

    Details

    • Target Release:

      Description

      config.php has a remote command execution vulnerability which is available without proper authentication. (CVE-2014-1903)

        Attachments

          Issue Links

            Activity

            Show
            tm1000 Andrew Nagy added a comment - http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice
            Hide
            infinity005 infinity005 added a comment -

            whats the CVE ID for this?

            Show
            infinity005 infinity005 added a comment - whats the CVE ID for this?
            Hide
            tm1000 Andrew Nagy added a comment -

            We are not disclosing that at this time. When we decide to post the ID we will post that to this ticket.

            Sent from my iPhone

            Show
            tm1000 Andrew Nagy added a comment - We are not disclosing that at this time. When we decide to post the ID we will post that to this ticket. Sent from my iPhone
            Hide
            tm1000 Andrew Nagy added a comment -

            CVE-2014-1903

            Show
            tm1000 Andrew Nagy added a comment - CVE-2014-1903

              People

              • Assignee:
                GameGamer43 Bryan Walters
                Reporter:
                phylocko phylocko
              • Votes:
                1 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: