cve/2017/CVE-2017-14535.md

CVE-2017-14535

Description

trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

POC

Reference

• http://packetstormsecurity.com/files/162854/Trixbox-2.8.0.4-Remote-Code-Execution.html
• https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/
• https://www.linkedin.com/pulse/trixbox-os-command-injection-vulnerability-sachin-wagh-ceh-ecsa-/?published=t

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/ARPSyndicate/kenzer-templates
• https://github.com/Hacker5preme/Exploits