RCE in Netfortris Trixbox

CVE-2014-5112

maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.072 (91.7th percentile) — read the EPSS interpretation.

Affected products

Netfortris Trixbox
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

cve@mitre.org (Exploit, x_refsource_MISC)