Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:FREEPBX-CALLMENUM

Severity

 Medium

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 FreePBX callmenum Remote Code Execution

Release Date

 2012/08/24

Update Number

 2178

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: FreePBX callmenum Remote Code Execution


This signature detects attempts to exploit a known vulnerability against FreePBX. A successful attack can lead to arbitrary code execution. Version 2.10.0, 2.9.0 are affected by this vulnerability. Other versions might also be affected.

Extended Description

myFAQ is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Affected Products

  • myFAQ 1.0.0

References

  • BugTraq: 14503
  • CVE: CVE-2005-2561

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out