In addition to the 2012 flaw, this version is also susceptible to later critical vulnerabilities such as CVE-2014-7235
// Vulnerable pseudo-code $cli_command = $_POST['command']; system("/usr/sbin/asterisk -rx '" . $cli_command . "'");
GET /recordings/index.php HTTP/1.1 Host: target.pbx.local
The FreePBX 2.8.1.4 exploit has significant implications for organizations using this version of the platform. A successful exploit can lead to:
Exploit - ~upd~ Freepbx 2.8.1.4
In addition to the 2012 flaw, this version is also susceptible to later critical vulnerabilities such as CVE-2014-7235
// Vulnerable pseudo-code $cli_command = $_POST['command']; system("/usr/sbin/asterisk -rx '" . $cli_command . "'"); freepbx 2.8.1.4 exploit
GET /recordings/index.php HTTP/1.1 Host: target.pbx.local In addition to the 2012 flaw, this version
The FreePBX 2.8.1.4 exploit has significant implications for organizations using this version of the platform. A successful exploit can lead to: In addition to the 2012 flaw