Arbitrary Command Execution in FreePBX 2.9 and Earlier

Arbitrary Command Execution in FreePBX 2.9 and Earlier

CVE-2012-4869 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.

Learn more about our Web Application Penetration Testing UK.