4 matches found
Code injection
admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter...
CVE-2007-2350
The CVE concerns admin/config.php in the music-on-hold module of freePBX 2.2.x. It allows a remote authenticated administrator to execute arbitrary commands via shell metacharacters in the del parameter, indicating input handling/sanitization flaws in that file. Impact is potential remote command...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the 1 From, 2 To, 3 Call-ID, 4 User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by...
CVE-2007-2191
CVE-2007-2191 describes multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.2.x . The flaws allow remote attackers to inject arbitrary web script or HTML via SIP-related fields (1) From, (2) To, (3) Call-ID, (4) User-Agent, and potentially other SIP headers, with the malicious data s...