CVE-2013-10043

CRITICAL

OAstium VoIP PBX astium-confweb-2.1-25399 - Auth Bypass & RCE

Title source: llm
Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-10043. PoCs published by xistence, including Metasploit module exploits/linux/http/astium_sqli_upload.

AI-analyzed exploit summary: This exploit leverages SQL injection to bypass authentication in Astium VoIP PBX, then uploads a PHP script to modify the config.php file with a reverse shell payload. The exploit triggers a sudo service reload to execute the payload as root, then cleans up the config.php file to restore functionality.

Description

A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker can upload arbitrary PHP code through the importcompany field in import.php, resulting in remote code execution. The malicious payload is injected into /usr/local/astium/web/php/config.php and executed with root privileges by triggering a configuration reload via sudo /sbin/service astcfgd reload. Successful exploitation leads to full system compromise.

Exploits (2)

exploitdb WORKING POC
by xistence · python · webapps · php
https://www.exploit-db.com/exploits/23831

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Astium VoIP PBX <= v2.1 build 25399
No auth needed
Prerequisites: Network access to the target · PHP file upload functionality enabled · Sudo permissions for the Apache user to restart the astcfgd service
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC MANUAL
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/astium_sqli_upload.rb

This Metasploit module exploits a SQL injection vulnerability in Astium to bypass authentication, then uploads a malicious PHP payload to achieve remote code execution with root privileges via a configuration reload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Astium astium-confweb-2.1-25399 RPM and lower
No auth needed
Prerequisites: Network access to the target · Astium web interface accessible
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4 9.5
EPSS 0.0198
EPSS Percentile 77.9%
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434 CWE-89
Status published
Products (1)
Astium/VoIP PBX < astium-confweb-2.1-25399 RPM
Published Jul 31, 2025
Tracked Since Feb 18, 2026