virus logo Intrusion Prevention

FreePBX.Framework.Hotelwakeup.Module.Directory.Traversal

description-logoDescription

This indicates an attack attempt against a Directory Traversal vulnerability in FreePBX Framework.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted requests to /admin/ajax.php. A remote attacker can exploit this to download arbitrary file from the target server via a crafted request.

affected-products-logoAffected Products

FreePBX Project hotelwakeup Module prior to 13.0.15
FreePBX Project FreePBX Framework 13.x

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the latest update from the vendor.
http://wiki.freepbx.org/display/FOP/2016-08-09+CVE+Remote+Command+Execution+with+Privileged+Escalation

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://wiki.freepbx.org/display/FOP/2016-08-09+CVE+Remote+Command+Execution+with+Privileged+Escalation HTTPS://WWW.EXPLOIT-DB.COM/EXPLOITS/40614/
ID 43470
Created Dec 15, 2016
Updated Aug 29, 2018
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS Linux
Affected App PHP_app