30 matches found
CVE-2025-30004 Xorcom CompletePBX <= 5.2.35 Task Scheduler Authenticated Command Injection
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-2292 Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...
CVE-2025-2292
Xorcom CompletePBX (pre-5.2.36) is affected by an authenticated path traversal in the Backup and Restore function, enabling arbitrary file reads. The issue exists in CompletePBX up to version 5.2.35. Public advisories and tooling (e.g., Metasploit module) reference an authenticated file-disclosur...
CVE-2025-2292 Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35...
Xorcom CompletePBX 跨站脚本漏洞
Xorcom CompletePBX is an Asterisk-based enterprise-class IP telephony system from Xorcom Israel. A cross-site scripting vulnerability exists in Xorcom CompletePBX version 5.2.35 and earlier, which stems from a reflective cross-site scripting attack in the administration control panel...
PT-2025-13802
Name of the Vulnerable Software and Affected Versions Xorcom CompletePBX versions prior to 5.2.35 Description The issue affects the administrator Task Scheduler functionality, allowing attackers to execute arbitrary commands as the root user. Recommendations For versions prior to 5.2.35, update t...
PT-2025-13803
Name of the Vulnerable Software and Affected Versions Xorcom CompletePBX versions prior to 5.2.35 Description The issue affects the Diagnostics reporting module, allowing for path traversal. This enables the reading of arbitrary files and the deletion of any retrieved file in place of the expecte...
Xorcom CompletePBX 操作系统命令注入漏洞
Xorcom CompletePBX is an Asterisk-based enterprise-class IP telephony system from Xorcom Israel. An operating system command injection vulnerability exists in Xorcom CompletePBX version 5.2.35 and earlier, which stems from command injection in the administrator task scheduling feature and could...
PT-2025-13801
Name of the Vulnerable Software and Affected Versions Xorcom CompletePBX versions through 5.2.35 Description The issue is an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality. Recommendations For versions through 5.2.35, update to a version...
Xorcom CompletePBX 路径遍历漏洞
Xorcom CompletePBX is an Asterisk-based enterprise-class IP telephony system from Xorcom Israel. A path traversal vulnerability exists in Xorcom CompletePBX version 5.2.35 and earlier, which stems from path traversal and could lead to arbitrary file reads...