Code injection

2007-04-3022:19:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.

CPENameOperatorVersion
freepbxle2.2.1

CPE	Name	Operator	Version
	freepbx	le	2.2.1

References

lists.grok.org.uk/pipermail/full-disclosure/2007-April/053915.html

osvdb.org/35316

secunia.com/advisories/24935

securityreason.com/securityalert/2652

www.vupen.com/english/advisories/2007/1535