An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder.
[
{
"cpes": [
"cpe:2.3:a:vitalpbx:vitalpbx:*:*:*:*:*:*:*:*"
],
"vendor": "vitalpbx",
"product": "vitalpbx",
"versions": [
{
"status": "affected",
"version": "3.2.4-5"
}
],
"defaultStatus": "unknown"
}
]