CVE-2014-9001

Incredible PBX 11 2.0.6.5.0 - Command Injection

Title source: llm

Description

reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters.

Exploits (1)

exploitdb WORKING POC

by Simo Ben Youssef · perlwebappsphp

https://www.exploit-db.com/exploits/35080

View Code ZIP pw:eip

References (1)

[Exploit] http://seclists.org/fulldisclosure/2014/Oct/101

Scores

EPSS 0.0620

EPSS Percentile 90.9%

Details

CWE

CWE-94

Status published

Products (1)

incrediblepbx/incredible_pbx_11 2.0.6.5.0

Published Nov 20, 2014

Tracked Since Feb 18, 2026