mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
873 B
873 B
CVE-2014-7235
Description
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
POC
Reference
- http://packetstormsecurity.com/files/128516/FreePBX-Authentication-Bypass-Account-Creation.html
- https://www.exploit-db.com/exploits/41005/
Github
No PoCs found on GitHub currently.