An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters.
CPE | Name | Operator | Version |
---|---|---|---|
cloud_phone_system | le | 7.19 |