The exploit demonstrates an authenticated remote code execution vulnerability in FreePBX 13.0.35. The flaw arises from unsanitized user input in the 'remotemod' parameter, which is passed to the 'exec' function in 'functions.inc.php', allowing command injection.
Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:FreePBX 13.0.35
Auth required
Prerequisites:Authenticated access to the FreePBX admin panel