Arbitrary Command Execution in Incredible PBX 11 2.0.6.5.0

Arbitrary Command Execution in Incredible PBX 11 2.0.6.5.0

CVE-2014-9001 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters.

Learn more about our User Device Pen Test.