
FreePBX admin/config.php Remote Code Execution Vulnerability CVE-2014-1903

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

FreePBX is prone to a remote code execution vulnerability.

Risk description

admin/libraries/view.functions.php does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php. Successfully exploiting this issue will allow attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.

Recommendation

Updates are available.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 18, 2014
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available