Vulnerabilities

CVE-2014-7235

by Fred · 07/10/2014

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.

Date published : 2014-10-07

http://www.securityfocus.com/bid/70188

http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536

Similar

Tags: Cybersecurity Alert