CVE-2012-4870

FreePBX < 2.9 - Cross-Site Scripting via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4870. PoCs published by Martin Tschirsich.

AI-analyzed exploit summary This exploit demonstrates a remote command execution (RCE) vulnerability in FreePBX due to missing input sanitization in the `callme_page.php` file, allowing arbitrary system commands to be executed via crafted HTTP requests. It also includes multiple XSS vulnerabilities in various endpoints.

Description

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Martin Tschirsich · textwebappsphp

https://www.exploit-db.com/exploits/18649

View Code ZIP pw:eip

This exploit demonstrates a remote command execution (RCE) vulnerability in FreePBX due to missing input sanitization in the `callme_page.php` file, allowing arbitrary system commands to be executed via crafted HTTP requests. It also includes multiple XSS vulnerabilities in various endpoints.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: FreePBX 2.10.0, 2.9.0 and earlier

No auth needed

Prerequisites: Network access to the target FreePBX instance

MITRE ATT&CK