The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and previous versions allows remote malicious users to execute arbitrary commands via the callmenum parameter in a c action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sangoma freepbx 2.9 |
||
sangoma freepbx |