EXPLOITDB-EDB-18659

EXPLOITDB ruby VERIFIED WORKING POC

Exploit for CVE-2012-4869 - FreePBX <2.10 - Command Injection

AI Analysis

This Metasploit module exploits a code injection vulnerability in FreePBX versions 2.10.0 and 2.9.0 via the 'callmenum' parameter in callme_page.php, allowing remote command execution. It iterates over a range of extensions to trigger the payload.

Attack Type

RCE

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

Loading exploit code...

Download ZIP Password: eip

Source

Platform Exploitdb

Type webapps

Platform php

Language ruby

Files 1

https://www.exploit-db.com/exploits/18659

Authors

Metasploit muts Martin Tschirsich

Vulnerability

CVE-2012-4869

FreePBX <2.10 - Command Injection