FreePBX is an open source telephony front-end with an easy-to-use graphical user interface that controls and manages Asterisk.
FreePBX fails to properly sanitize user-supplied input passed in the 'callmenum' parameter of recordings/misc/callme_page.php when 'action' is set to 'c'. This can be exploited to execute arbitrary code.
Apply the patch from the FreePBX SVN repository, or from the support ticket.
This exploit has been tested against FreePBX 220.127.116.11 on CentOS 5.7 Linux. The exploit will brute-force extension numbers if one is not provided, but the call must be answered for the attack to succeed.
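As an added defender-side example that is not part of the advisory, the following Python script scans web-server access logs for the two behaviours described above: requests to callme_page.php with action=c whose 'callmenum' value is not a plain extension number (the unsanitized-input condition), and a single source issuing many distinct 'callmenum' values (the extension brute-force). The log lines are constructed for the example, the log format is assumed to be Apache common log format, and the "extensions are short digit strings" policy and the burst threshold are assumptions a site would tune.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache common log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2012:10:00:01 +0000] "GET /recordings/misc/callme_page.php?action=c&callmenum=2001 HTTP/1.1" 200 512
10.0.0.9 - - [10/Mar/2012:10:00:02 +0000] "GET /recordings/misc/callme_page.php?action=c&callmenum=not-a-number HTTP/1.1" 200 512
10.0.0.9 - - [10/Mar/2012:10:00:03 +0000] "GET /recordings/index.php HTTP/1.1" 200 1024
10.0.0.7 - - [10/Mar/2012:10:00:04 +0000] "GET /recordings/misc/callme_page.php?action=c&callmenum=2002 HTTP/1.1" 200 512
10.0.0.7 - - [10/Mar/2012:10:00:05 +0000] "GET /recordings/misc/callme_page.php?action=c&callmenum=2003 HTTP/1.1" 200 512
10.0.0.7 - - [10/Mar/2012:10:00:06 +0000] "GET /recordings/misc/callme_page.php?action=c&callmenum=2004 HTTP/1.1" 200 512
"""

# client ip, method, request target and status from a common-log-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Assumed site policy: a valid extension is a short string of digits only.
EXTENSION_RE = re.compile(r'^\d{1,10}$')
CALLME_PATH = "/recordings/misc/callme_page.php"


def parse_line(line):
    """Split one access-log line into ip, method, path, query dict and status."""
    m = REQUEST_RE.match(line)
    if m is None:
        return None
    ip, method, target, status = m.groups()
    parts = urlsplit(target)
    return {
        "ip": ip,
        "method": method,
        "path": parts.path,
        "query": parse_qs(parts.query),
        "status": int(status),
    }


def is_callme_request(rec):
    """True for a request that reaches the vulnerable code path (action=c)."""
    return rec["path"].endswith(CALLME_PATH) and rec["query"].get("action") == ["c"]


def find_suspicious(log_text, brute_threshold=3):
    """Return findings as tuples: (kind, source_ip, detail).

    kind is 'non_numeric_callmenum' for a value that is not a plain extension
    (the injection condition), or 'extension_enumeration' when one source sends
    brute_threshold or more distinct extensions (the brute-force behaviour).
    """
    findings = []
    extensions_by_ip = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_callme_request(rec):
            continue
        values = rec["query"].get("callmenum", [])
        for value in values:
            if not EXTENSION_RE.match(value):
                findings.append(("non_numeric_callmenum", rec["ip"], value))
        extensions_by_ip.setdefault(rec["ip"], set()).update(values)
    for ip, exts in extensions_by_ip.items():
        if len(exts) >= brute_threshold:
            findings.append(("extension_enumeration", ip, len(exts)))
    return findings


if __name__ == "__main__":
    for kind, ip, detail in find_suspicious(SAMPLE_LOG):
        print(f"{kind}: source={ip} detail={detail}")
```

The enumeration rule counts distinct 'callmenum' values per source rather than raw request volume, so a legitimate user redialling one extension does not trip it; on a real deployment the threshold should be set against the normal click-to-call rate, and the non-numeric rule is the one worth alerting on immediately.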