Trixbox

trixbox

Vendor: Netfortris • 10 CVEs

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-7351 1Netfortris 1Trixbox Nov 21, 2024 May 1, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note t...Show more An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected.Show less
CVE-2017-14537 1Netfortris 1Trixbox Nov 21, 2024 Feb 16, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
CVE-2017-14536 1Netfortris 1Trixbox Nov 21, 2024 Feb 16, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.
CVE-2017-14535 1Netfortris 1Trixbox Nov 21, 2024 Feb 16, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
CVE-2014-5112 1Netfortris 1Trixbox May 6, 2026 Jul 28, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.
CVE-2014-5111 1Netfortris 1Trixbox May 6, 2026 Jul 28, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) rep...Show more Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.Show less
CVE-2014-5110 1Netfortris 1Trixbox May 6, 2026 Jul 28, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter.
CVE-2014-5109 1Netfortris 1Trixbox May 6, 2026 Jul 28, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.
CVE-2010-0702 1Netfortris 1Trixbox Apr 29, 2026 Feb 23, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2007-6424 1Netfortris 1Trixbox Apr 23, 2026 Dec 18, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows...Show more registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack.Show less