CVE-2014-5335

innovaphone PBX < 10.00 - Cross-Site Request Forgery via CMD0/mod_cmd.xml or PBX0/ADMIN/mod_cmd_login.xml


Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5335. PoCs published by Rainer Giedat.

AI-analyzed exploit summary: The exploit demonstrates a CSRF vulnerability in the Innovaphone PBX Administration GUI, allowing an attacker to change the administrator password or add a new SIP user via crafted HTML image tags. The vulnerability arises due to the lack of CSRF tokens or origin checks in the web interface.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted request to CMD0/mod_cmd.xml or (2) adding a new SIP user via a crafted request to PBX0/ADMIN/mod_cmd_login.xml.

Exploits (1)

exploitdb WORKING POC
by Rainer Giedat · text · webapps · multiple
https://www.exploit-db.com/exploits/34408

Classification: Working Poc 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Innovaphone PBX Administration GUI (all known versions, tested 10.00 sr11)
Auth required
Prerequisites: Administrator must be logged into the PBX GUI · Victim must visit a malicious webpage or click a crafted link
mistral-large-3 · analyzed Feb 18, 2026

References (1)

Core References
Third Party Advisory, VDB Entry · mailing-list · x_refsource_bugtraq
http://www.securityfocus.com/archive/1/533197/100/0/threaded

Scores

EPSS: 0.0122
EPSS Percentile: 65.1%

Details

CWE: CWE-352
Status: published
Products (1): innovaphone/innovaphone_pbx < 10.00
Published: Aug 25, 2014
Tracked Since: Feb 18, 2026