What is CVE-2012-4869?

CVE-2012-4869 is a vulnerability in Sangoma Freepbx, classified under Code Injection. Published 2012-09-06.

Is CVE-2012-4869 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Sangoma Freepbx

CVE-2012-4869

The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.857 (99.4th percentile) — read the EPSS interpretation.

Affected products

Sangoma Freepbx — versions 2.9
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

18649 (Exploit, exploit, x_refsource_EXPLOIT-DB)
18659 (exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_MISC)
20120320 FreePBX remote command execution, xss (mailing-list, x_refsource_FULLDISC)
48463 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
52630 (Exploit, vdb-entry, x_refsource_BID)
freepbx-callmepage-command-exec(74174) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2012-4869?: CVE-2012-4869 is a vulnerability in Sangoma Freepbx, classified under Code Injection. Published 2012-09-06.
Is CVE-2012-4869 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.