A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and previous versions, and Mitel ST 14.2, release GA28 and previous versions, could allow an unauthenticated malicious user to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an malicious user to execute arbitrary PHP code within the context of the application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mitel st14.2 |
||
mitel connect onsite |