Description
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by AtT4CKxT3rR0r1ST · textwebappsphp
https://www.exploit-db.com/exploits/39352
References (1)
Core 1
Core References
Exploit x_refsource_misc
http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html
Scores
EPSS
0.0717
EPSS Percentile
91.6%
Details
CWE
CWE-94
Status
published
Products (1)
netfortris/trixbox
Published
Jul 28, 2014
Tracked Since
Feb 18, 2026