module
Xorcom CompletePBX Authenticated Command Injection via Task Scheduler
| Disclosed |
|---|
| Mar 2, 2025 |
Disclosed
Mar 2, 2025
Description
This module exploits an authenticated command injection vulnerability in Xorcom CompletePBX
versions input is improperly sanitized, allowing arbitrary command execution with web server privileges.
Only the superadmin user (admin) has the necessary permissions to trigger this exploit.
Even when creating a new user with maximum privileges, the vulnerability does not work.
versions input is improperly sanitized, allowing arbitrary command execution with web server privileges.
Only the superadmin user (admin) has the necessary permissions to trigger this exploit.
Even when creating a new user with maximum privileges, the vulnerability does not work.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.