Lucene search

[email protected]CVE-2014-9001

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-9001

2022-10-0316:20:39

CWE-94

[email protected]

web.nvd.nist.gov

cve-2014-9001

remote code execution

authenticated users

shell metacharacters

security vulnerability

incredible pbx 11 2.0.6.5.0

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.1%

JSON

reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters.

Affected configurations

NVD

Node

incrediblepbxincredible_pbx_11Match2.0.6.5.0

CPENameOperatorVersion
incrediblepbx:incredible_pbx_11incrediblepbx incredible pbx 11eq2.0.6.5.0

CPE	Name	Operator	Version
incrediblepbx:incredible_pbx_11	incrediblepbx incredible pbx 11	eq	2.0.6.5.0

References

seclists.org/fulldisclosure/2014/Oct/101

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.1%

JSON

Related for CVE-2014-9001

cvelist1 nvd1 prion1