4 matches found
TrixBox CE 2.8.0.4 Command Execution Exploit
This Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through 2.8.0.4 inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpointdevicemap.php page. Successful exploitation allows for arbitrary command executi...
TrixBox CE 2.8.0.4 Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TrixBox CE endpointdevicemap.php Authenticated Command Execution', 'Description' = %q This module exploits an authenticated OS command injection...
CVE-2020-7351
creationtimestamp| type| source ---|---|--- 2020-05-04 21:23:04+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/trixboxceendpointdevicemaprce.rb 2025-02-06 03:13:44+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:30+00:0...
CVE-2020-7351
CVE-2020-7351 describes an authenticated OS command injection in Fonality Trixbox Community Edition, affecting the endpoint_devicemap.php component. The vulnerability allows execution of arbitrary OS commands as the user asterisk via the network POST parameter in /maint/modules/endpointcfg/endpoi...