HTTP: FreePBX Framework Module config.php Code Execution
This signature detects attempts to exploit a known vulnerability against FreePBX. The vulnerability is due to an error in admin/config.php, the main interface to FreePBX. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system with the privileges of FreePBX.
Extended Description
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
Affected Products
Sangoma freepbx
Short Name
HTTP:MISC:FREEPBX-CFG-CODE-EXEC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2014-1903 Code Execution Framework FreePBX Module config.php
Release Date
08/06/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Sangoma
Freepbx
CVSS Score
7.5