Arbitrary Command Execution in FreePBX 2.9 and Earlier
CVE-2012-4869 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
Learn more about our Web Application Penetration Testing UK.