Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-7123

Exec shell on a host using bug in config.php

          Details

          • Type: Bugs
          • Status: Closed
          • Priority: Critical
          • Resolution: Fixed
          • Affects Version/s: 2.10, 2.11, 12
          • Fix Version/s: 2.10, 2.11, 12
          • Component/s: FreePBX Framework
          • Labels:
            None
          • ToDo:
          • Target Release:

            Description

            config.php has a remote command execution vulnerability which is available without proper authentication. (CVE-2014-1903)

              Attachments

                Issue Links

                links to

                Web Link Blog Post

                  Activity

                    People

                    • Assignee:
                      GameGamer43 Bryan Walters
                      Reporter:
                      phylocko phylocko
                    • Votes:
                      1 Vote for this issue
                      Watchers:
                      5 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved: