Description
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder.
Exploits (1)
Scores
CVSS v3
7.2
EPSS
0.0136
EPSS Percentile
80.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (20)
vitalpbx/vitalpbx
3.0.4
vitalpbx/vitalpbx
3.0.4-2
vitalpbx/vitalpbx
3.0.4-4
vitalpbx/vitalpbx
3.0.6-1
vitalpbx/vitalpbx
3.0.6-2
vitalpbx/vitalpbx
3.0.8 (3 CPE variants)
vitalpbx/vitalpbx
3.0.9 r3 (2 CPE variants)
vitalpbx/vitalpbx
3.1.0
vitalpbx/vitalpbx
3.1.1 (3 CPE variants)
vitalpbx/vitalpbx
3.1.2 r1
... and 10 more
Published
Feb 15, 2024
Tracked Since
Feb 18, 2026