The vulnerability of the conference communication component in Telecommunications Systems Mitel Connect OnSite and ST14.2 allows a intruder to execute arbitrary code.

The vulnerability of the conference communication components in Mitel Connect OnSite and ST 14.2 systems is related to improper handling of code generation. Exploiting this vulnerability allows an attacker to inject arbitrary code into the generated PHP files and execute it using specially crafte...