CVE-2005-3539
HylaFAX <= 4.2.3 - Remote Code Execution via Notify Script and CallID Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2005-3539. PoCs published by Patrice Fournier.
AI-analyzed exploit summary The exploit demonstrates command injection vulnerabilities in HylaFAX via the `sendfax` utility. It leverages improper input sanitization to execute arbitrary commands by embedding shell metacharacters in the `-d` and `-f` parameters.
Description
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.
Exploits (1)
The exploit demonstrates command injection vulnerabilities in HylaFAX via the `sendfax` utility. It leverages improper input sanitization to execute arbitrary commands by embedding shell metacharacters in the `-d` and `-f` parameters.