Vulnerability Details CVE-2007-2350
admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.5%
CVSS Severity
CVSS v2 Score 6.5
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053915.html
- http://osvdb.org/35316
- http://secunia.com/advisories/24935
- http://securityreason.com/securityalert/2652
- http://www.vupen.com/english/advisories/2007/1535
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053915.html
- http://osvdb.org/35316
- http://secunia.com/advisories/24935
- http://securityreason.com/securityalert/2652
- http://www.vupen.com/english/advisories/2007/1535