This host is running Brekeke PBX and is prone to Cross-Site Request Forgery Vulnerability.
Successful exploitation will allow attackers to change the administrator's password by tricking a logged in administrator into visiting a malicious web site. Impact Level: Application.
Upgrade to Brekeke PBX version 220.127.116.11 or later. For updates refer to http://www.brekeke.com/
The flaw exists in the application which fails to perform validity checks on certain 'HTTP reqests', which allows an attacker to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean.
Brekeke PBX version 18.104.22.168