VulnCheck KEV: CVE-2012-4869

The callmestartcall function in recordings/misc/callmepage.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action...

PT-2012-5621 · Sangoma · Freepbx

Name of the Vulnerable Software and Affected Versions: FreePBX versions 2.9 and earlier Description: The issue allows remote attackers to execute arbitrary commands. This is achieved through the callmenum parameter in a 'c' action, specifically targeting the callme startcall function in...

FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution

This module exploits FreePBX version 2.10.0,2.9.0 and possibly older. Due to the way callmepage.php handles the 'callmenum' parameter, it is possible to inject code to the '$channel' variable in function callmestartcall in order to gain remote code execution. Please note in order to use this modu...