Default welcome msg!

Elastix PBX 2.2.0 callme_page.php Remote Command Execution with Local Privilege Escalation

Technical Details

SKU EH-12-308
Product Type Metasploit Exploit
References

http://lists.grok.org.uk/pipermail/full-disclosure/2012-March/086219.html

http://www.exploit-db.com/exploits/18650/

Metasploit Filepath exploits/unix/webapp/freepbx_callme_rce.rb
Targets Elastix 2.2.0 and prior
Platform Elastix Linux
Hashes No
Author American Information Security Group (aisg-001)
Version 01
License ExploitHub
Disclosure Date Jan 1, 1970
Validation Status Unvalidated - Sanity Checked
Validation Report No
Validation Score No
Date Validated No
Validation Queue Position No
Supplementary Data No

Quick Overview

A remote command execution vulnerability exists in Elastix PBX version 2.2.0 and earlier when using unpatched versions of FreePBX 2.5, 2.6, 2.7, 2.8, 2.9, and 2.10.
$1,100.00

Details

This vulnerability in Elastix 2.2.0 and earlier allows for remote command execution in Elastix. Once it completes you may type "nmap --interactive" and "!sh" to escalate your privileges to root on most systems.

Product Tags

Use spaces to separate tags. Use single quotes (') for phrases.

Write Your Own Review

You're reviewing: Elastix PBX 2.2.0 callme_page.php Remote Command Execution with Local Privilege Escalation

How do you rate this product? *

  1 star 2 stars 3 stars 4 stars 5 stars
Price
Value
Quality

Customer Reviews

No reviews.