BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
[CVE-2014-1903] FreePBX 2.9 through 12 RCE Feb 11 2014 11:44PM
rob thomas schmoozecom com
Overview:
Unauthenticated user-level Remote Code Execution (RCE) vulnerability in admin/config.php, the main interface to FreePBX. This bug was introduced in FreePBX 2.9, earlier versions are not affected.

Score - 8.4
(AV:N/AC:L/Au:N/C:P/I:P/A:C/E:H/RL:OF/RC:C/CDP:MH/TD:ND/CR:L/IR:L/AR:M)

Refere...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus