Trixbox 2.8.0.4 Remote Code Execution

Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution Unauthenticated Date: 27.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ Credits to: Sachin Wagh Vendor Homepage:...

Trixbox 2.8.0.4 - (lang) Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution Unauthenticated Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ Credits to: Sachin Wagh Vendor Homepage:...

Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated)

Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution Unauthenticated Date: 27.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ Credits to: Sachin Wagh Vendor Homepage:...

CVE-2017-14535

trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php...

CVE-2017-14535

trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php...

CVE-2017-14535

CVE-2017-14535 affects Trixbox 2.8.0.4, vulnerable to an OS command-injection via shell metacharacters in the lang parameter of /maint/modules/home/index.php. The root cause is improper handling of input in this parameter, enabling remote command execution. Documented impact states successful exp...