CVE-2014-7235

EXPLOITED IN THE WILD

ARI Framework module/Asterisk Recording Interface (ARI) <2.9.0.9, <...

Title source: llm

Exploitation Summary

CVE-2014-7235 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including inj3ctor3.

AI-analyzed exploit summary This exploit leverages a PHP deserialization vulnerability in FreePBX's ARI Framework module via the 'ari_auth' cookie. It injects malicious serialized data to execute arbitrary commands, creating a backdoor in 'misc/audio.php' for remote command execution.

Description

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.

Exploits (1)

exploitdb WORKING POC

by inj3ctor3 · textwebappsphp

https://www.exploit-db.com/exploits/41005

View Code ZIP pw:eip

This exploit leverages a PHP deserialization vulnerability in FreePBX's ARI Framework module via the 'ari_auth' cookie. It injects malicious serialized data to execute arbitrary commands, creating a backdoor in 'misc/audio.php' for remote command execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5

No auth needed

Prerequisites: Target must have vulnerable FreePBX version · ARI module must be accessible

MITRE ATT&CK