Summary
Elastix is prone to a php code injection vulnerability because it fails to properly sanitize user-supplied input.
Attackers can exploit this issue to execute arbitrary php code within the context of the affected webserver process.
Elastix < 2.4 is vulnerable
other versions may also be affected.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 9.0
AV:N/AC:L/Au:N/C:C/I:P/A:P
Related Vulnerabilities
- Atmail Multiple Unspecified Security Vulnerabilities.
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
- AdPeeps 'index.php' Multiple Vulnerabilities.
- Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
- ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability