Summary
This host is running FreePBX and is prone to multiple cross site scripting and remote command execution vulnerabilities.
Impact
Successful exploitation may allow remote attackers to steal cookie-based authentication credentials or execute arbitrary commands within the context of the affected application.
Impact Level: System/Application
Solution
Apply the patch from below link,
http://www.freepbx.org/trac/ticket/5711
Insight
Multiple flaws are caused by an,
- Improper validation of user-supplied input by multiple scripts, which allows attacker to execute arbitrary HTML and script code on the user's browser session in the security context of an affected site.
- Input passed to the 'callmenum' parameter in recordings/misc/callme_page.php (when 'action' is set to 'c') is not properly verified before being used.
This can be exploited to inject and execute arbitrary shell commands.
Affected
FreePBX versions 2.9.0 and 2.10.0
References
- http://packetstormsecurity.org/files/111130/freepbx2100-exec.txt
- http://secunia.com/advisories/48463
- http://secunia.com/advisories/48475
- http://www.exploit-db.com/exploits/18649
- http://www.freepbx.org/trac/ticket/5711
- http://www.freepbx.org/trac/ticket/5713
- http://xforce.iss.net/xforce/xfdb/74173
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-4869, CVE-2012-4870 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
- Adobe ColdFusion Directory Traversal Vulnerability
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- ArticleFR CMS 'id' Parameter SQL Injection Vulnerability
- A-Blog 'sources/search.php' SQL Injection Vulnerability