Description
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by AtT4CKxT3rR0r1ST · textwebappsphp
https://www.exploit-db.com/exploits/39347
References (2)
Core 2
Core References
VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/94718
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html
Scores
EPSS
0.0018
EPSS Percentile
39.9%
Details
CWE
CWE-89
Status
published
Products (1)
netfortris/trixbox
Published
Jul 28, 2014
Tracked Since
Feb 18, 2026