CVE-2012-4869

Published: 06/09/2012 Updated: 10/12/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 766
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and previous versions allows remote malicious users to execute arbitrary commands via the callmenum parameter in a c action.

Vulnerable Product

sangoma freepbx 2.9

sangoma freepbx

Exploits

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# metasploit.com/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ManualRanking

  include Msf::Exploit::R ...

Product: FreePBX
Version: 2.10.0, 2.9.0 and perhaps earlier versions
Type: Remote Command Execution, XSS
Release Date: March 14, 2012
Vendor Notification Date: Jun 12, 2011
Author: Martin Tschirsich
Overview: A remote command execution vulnerability and some XSS in current and earlier FreePBX versions due to missing input sanitization FreePBX ...

#!/usr/bin/python
############################################################
# Exploit Title: FreePBX / Elastix pre-authenticated remote code execution exploit
# Google Dork: oy vey
# Date: March 23rd, 2012
# Author: muts
# Version: FreePBX 2.10.0/ 2.9.0, Elastix 2.2.0, possibly others
# Tested on: multiple
# CVE : notyet
# Blog post : ww ...

Github Repositories

ExploitDev Journey #3 | CVE-2012-4869 | Elastix 2.2.0 - Remote Command Execution
Original Exploit: www.exploit-db.com/exploits/18650
Exploit name: FreePBX 2.10.0 / Elastix 2.2.0 - Remote Command Execution
CVE: 2012-4869
Lab: Beep - HackTheBox
Description: There is a vulnerability in Elastix that allows us to execute system commands through callme_page.php function El

Exploit for Elastix 2.2.0 and FreePBX 2.10.0 based on CVE-2012-4869 vulnerability working on Python3

Elastix - Remote Code Execution
Exploit for Elastix 2.2.0 and FreePBX 2.10.0 based on CVE-2012-4869 vulnerability working on Python3
· Connection without SSL
· Work on Python3