Issabel PBX 4.0.0 RCE – Authenticated (CVE-2024-0986) Exploit


Python exploit, published by Prapattimynk



Issabel PBX 4.0.0 allows a logged-in user to use the asterisk_cli console to create files with the xmldoc and dump commands. This makes it possible to execute remote commands based on the names of the uploaded files by abusing ‘restore.php’.

A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. The issue affects unspecified processing of the file /index.php?menu=asterisk_cli in the Asterisk-Cli component. Manipulating the argument Command leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
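For defenders, a log-review sketch of the chain described above, added here as an example and not part of the published exploit or of Issabel: it flags asterisk_cli requests whose Command argument uses xmldoc or dump, then any later restore.php request from the same client. It assumes the Command argument is visible in the logged URL (if it is sent in a POST body, use a log source that records request bodies); the log lines and PLACEHOLDER values are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic); PLACEHOLDER marks unknown values.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Feb/2024:10:01:02 +0000] "GET /index.php?menu=asterisk_cli&Command=core+show+version HTTP/1.1" 200 512
198.51.100.7 - - [10/Feb/2024:10:01:30 +0000] "GET /index.php?menu=asterisk_cli&Command=xmldoc+dump+PLACEHOLDER HTTP/1.1" 200 498
203.0.113.9 - - [10/Feb/2024:10:02:00 +0000] "GET /PLACEHOLDER/restore.php HTTP/1.1" 200 77
198.51.100.7 - - [10/Feb/2024:10:02:10 +0000] "GET /PLACEHOLDER/restore.php HTTP/1.1" 200 77
"""

# client, timestamp, request URL from a common/combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*"')
FILE_WRITING = {"xmldoc", "dump"}  # CLI commands the advisory names as creating files


def classify(url):
    """Return 'cli_file_write', 'restore' or None for one request URL."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)  # also decodes '+' and %XX
    if parts.path.endswith("/index.php") and "asterisk_cli" in query.get("menu", []):
        for cmd in query.get("Command", []):
            if FILE_WRITING & set(cmd.lower().split()):
                return "cli_file_write"
        return None
    if parts.path.rsplit("/", 1)[-1] == "restore.php":
        return "restore"
    return None


def find_suspects(log_text):
    """List (client, timestamp, reason) for the write-then-restore sequence."""
    findings, wrote = [], set()  # wrote: clients seen issuing a file-writing command
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, ts, url = m.groups()
        kind = classify(url)
        if kind == "cli_file_write":
            wrote.add(client)
            findings.append((client, ts, "asterisk_cli file-writing command"))
        elif kind == "restore" and client in wrote:
            findings.append((client, ts, "restore.php after CLI file write"))
    return findings


if __name__ == "__main__":
    for finding in find_suspects(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Legitimate administrators also use the CLI console and restore function, so treat hits as leads to review against known maintenance activity.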


