Xorcom CompletePBX 5.2.35 Remote Code Execution
Xorcom CompletePBX suffers from an authenticated command injection vulnerability within the Task Scheduler subsystem. An attacker with valid superadmin credentials can create a scheduled task containing unsanitized parameters that get executed by the backend, resulting in remote command execution...
EUVD-2025-8860
Malicious code in bioql PyPI...
Xorcom CompletePBX Authenticated Command Injection via Task Scheduler
This module exploits an authenticated command injection vulnerability in Xorcom CompletePBX versions use exploit/linux/http/xorcomcompletepbxscheduler msf exploitxorcomcompletepbxscheduler show targets ...targets... msf exploitxorcomcompletepbxscheduler set TARGET msf...
Xorcom CompletePBX Authenticated Command Injection Via Task Scheduler
This Metasploit module exploits an authenticated command injection vulnerability in Xorcom CompletePBX versions less than or equal to 5.2.35. The issue resides in the task scheduler functionality, where user-controlled input is improperly sanitized, allowing arbitrary command execution with web...
CVE-2025-30005
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-30006
Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-2292
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality. This issue affects CompletePBX: through 5.2.35...
CVE-2025-30004
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-30006 Xorcom CompletePBX <= 5.2.35 Reflected Cross-Site Scripting
Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-30005 Xorcom CompletePBX <= 5.2.35 Authenticated Path Traversal & File Deletion
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-30005
Xorcom CompletePBX
CVE-2025-30004
CVE-2025-30004 — Xorcom CompletePBX Authenticated Command Injection Affected: Xorcom CompletePBX versions up to 5.2.35 (all editions). Root cause: Authenticated command injection in the Task Scheduler subsystem; unsanitized parameters allow execution of arbitrary commands with web server/root priv...
CVE-2025-30004 Xorcom CompletePBX <= 5.2.35 Task Scheduler Authenticated Command Injection
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35...