Elastix < 2.4 PHP Code Injection Vulnerability Network Vulnerability

Summary

Elastix is prone to a php code injection vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary php code within the context of the affected webserver process. Elastix < 2.4 is vulnerable other versions may also be affected.

References

http://packetstormsecurity.com/files/119253/elastix23-exec.txt
http://www.elastix.org/

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 9.0 AV:N/AC:L/Au:N/C:C/I:P/A:P

Related Vulnerabilities

AdMentor Login Flaw
AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
AjaXplorer zoho plugin Directory Traversal Vulnerability
Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities

Take action and discover your vulnerabilities