index.php under the recordings directory, which is outside of the admin directory, has a remote command execution vulnerability which is available without proper authentication. (CVE-[AWAITING])
Users are advise to remove the module named "admindashboard" and upgrade fw_ari through the following commands:
#replacing the ‘AMPWEBROOT’ with the system setting. rm -rf AMPWEBROOT/admin/modules/admindashboard
Then run the following command to remove all traces of it from FreePBX
amportal a ma upgrade fw_ari
Additionally users are advised to be on the lookout for two suspicious files, named "c.sh" or "c2.pl" respectively. If you see these two files please remove them immediately!
Further information will be provided in a blog post.