Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-7123

Exec shell on a host using bug in config.php

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.10, 2.11, 12
    • Fix Version/s: 2.10, 2.11, 12
    • Component/s: FreePBX Framework
    • Labels:
      None
    • ToDo:

      Description

      config.php has a remote command execution vulnerability which is available without proper authentication. (CVE-2014-1903)

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  GameGamer43 Bryan Walters
                  Reporter:
                  phylocko phylocko
                • Votes:
                  1 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    NextupJiraPlusStatus

                    Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.