Описание
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
Ссылки
- ProductThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Vendor Advisory
- ProductThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
Связанные уязвимости
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
Уязвимость компонента конференц-связи телекоммуникационных систем Mitel Connect OnSite и ST14.2, позволяющая нарушителю выполнить произвольный код
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2