Elastix < 2.4 PHP Code Injection Vulnerability Network Vulnerability

Summary

Elastix is prone to a php code injection vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary php code within the context of the affected webserver process. Elastix < 2.4 is vulnerable other versions may also be affected.

References

http://packetstormsecurity.com/files/119253/elastix23-exec.txt
http://www.elastix.org/

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 9.0
AV:N/AC:L/Au:N/C:C/I:P/A:P

Related Vulnerabilities

AVTECH DVR Multiple Vulnerabilities
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities
Admin Bot 'news.php' SQL Injection Vulnerability
Adobe ColdFusion Information Disclosure Vulnerability

Take action and discover your vulnerabilities