Added: 04/03/2014
CVE: CVE-2014-1903
BID: 65509
OSVDB: 103240
FreePBX is an open source telephony front-end, which has an easy to use graphical user interface that controls and manages Asterisk.
The Framework module of FreePBX is vulnerable to remote code execution as a result of improper sanitization of user-supplied input. The vulnerability is triggered when input passed as arguments to the **config.php**
script is not propery sanitized upon submission to the **admin/libraries/view.functions.php**
script. FreePBX versions 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 are vulnerable.
Upgrade to version 2.9.0.14, 2.10.1.15, 2.11.0.23, 12.0.1alpha22, or higher.
<http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice>
<http://issues.freepbx.org/browse/FREEPBX-7123>
<http://downloads.securityfocus.com/vulnerabilities/exploits/65509.php>
The **telnet**
application must exist on the target system.
Linux