mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-02 19:53:47 +00:00
873 B
873 B
CVE-2014-7235
Description
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
POC
Reference
- http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html
- https://www.exploit-db.com/exploits/41005/
Github
No PoCs found on GitHub currently.