CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-08 06:06:44 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
dc3bd6cd71a486f862e7cf4da52fce4cfeb10e52
CVEs-PoC/2018/CVE-2018-19911.md
T
0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00

880 B
Raw Blame History

CVE-2018-19911

Description

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used.

POC

Reference

No PoCs from references.

Github

Reference in New Issue View Git Blame Copy Permalink