2 matches found
CVE-2015-1875
Elastix 2.5.0 and earlier is affected by an SQL injection in a2billing/customer/iridium_threed.php, exploitable via the transactionID parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands, potentially impacting data confidentiality and integrity and possibly other...
CVE-2010-1492
CVE-2010-1492 affects Elastix 1.6.0. A directory traversal flaw in help/frameRight.php (id_nodo parameter) lets remote attackers read arbitrary files using ..; no exploit details provided in the connected docs. CVSSv2 base score 5.0 (Medium). Remediation details are not specified in the supplied ...