CVE-2017-14535

trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

Date published : 2018-02-15

http://www.securityfocus.com/bid/103004

http://packetstormsecurity.com/files/162854/Trixbox-2.8.0.4-Remote-Code-Execution.html